Ransomware posts displayed by tag

Cybersecurity Awareness: Protect Against Ransomware

All employees at UMB can take simple actions to protect themselves online and recover their data in the event of a cyber incident. This week’s topic covers ransomware and simple steps that an individual or organization can take to improve their online safety.

What is ransomware?

Ransomware is essentially advanced malware whose mission is to take everything stored on your computer and encrypt it. After encrypting your information, the offender will offer to decrypt all of your content for a fee, therefore “ransoming” your data. Ransomware is particularly concerning to businesses that often are asked to shell out thousands of dollars to obtain the decryption keys and in many cases pay but never receive the information necessary to recover their files.

How can I protect myself and the University?

The No. 1 protection against ransomware is vigilance. Malware infections usually make their way onto a user’s computer by persuading them to open a file or run a program by sending a phishing email. In addition to training, which the University will be providing in the coming months, anti-virus software is required for all University-owned computers — we provide network monitoring and an intrusion prevention system (IPS) at the campus gateway to the internet and in front of all administrative servers (i.e., PeopleSoft and Banner).

Simple things like applying the principle of least privilege or the removal of admin rights for user’s computers can help stop the spread of malware throughout the University. Also, it is important to regularly back up your system to a removable drive that can be completely detached after the backup is complete if it contains business critical data.

What should I do if I am infected with ransomware?

If you think the infection is confined to a single machine at your home or at the University, you should immediately disconnect the infected machine from the network. This will help prevent further spread. In some cases, ransomware can be cleaned using software available from anti-virus and anti-malware vendors. In other cases, the user must decide if the content they have lost is worth the ransom and whether the risk of paying without receiving the unlock codes is acceptable.

It is important to determine exactly what ransomware the machine was infected by and how it was activated to prevent accidental spread after the event has concluded. If you have questions about ransomware, please contact Security and Compliance at security-compliance@umaryland.edu

  
Fred Smith Bulletin Board, University LifeOctober 12, 20170 comments
Read More

What is Ransomware?

Ransomware is vicious malware that prevents a user from accessing his or her files by encrypting them. It typically arrives on the affected computer through spam emails or executed via malicious ads or compromised websites however more recently ransomware has been known to start from a malicious email attachment. Once the ransomware is executed on the compromised computer, it encrypts files on the user’s computer and any mapped network drives and even connected cloud storage such as Dropbox, OneDrive, Google Drive, etc.

Ransomware was designed to prevent the user from accessing their files and force them to pay the attacker a fee in order to regain access. Once the files are encrypted, ransomware displays a text document or HTML page with a message informing the user that their files have been encrypted and gives instructions on how to obtain the decryption key needed to unlock the files. This message may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The message also contains a link to a website where the user can make the payment. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.

What can I do to protect my data?

  • Limit your online activity to business related sites only.
  • Never click on links or open attachments in emails you were not expecting.
  • Minimize the amount of data that is stored locally on your computer. Data stored locally is not backed-up by your IT support group. If you do need to store data locally, it should only be personal in nature and it is your responsibility to ensure personal files are regularly backed up to an alternate storage location.

Am I a Victim of Ransomware?

If you suspect your computer may be impacted by Ransomware, please contact your local IT Support group immediately so we can assist with containment of the malware and any recovery operations that might be possible.

 

  
Chris PhillipsEducation, Technology, University AdministrationMarch 30, 20160 comments
Read More