CyberSecurity Awareness #3: Ransomware

Ransomware  has been around for a few years but has recently been on the rise and has hit a few people here at SPU. There are many variations of ransomware -- two of the most prevalent are called Cryptolocker and WannaCry. Ransomware is a serious issue with potentially devastating consequences. Your data and/or your pocketbook is at stake! You could lose your documents, pictures, music, etc... ANY data files stored on your computer.

Once the infection is present the malware encrypts data files and folders on the local hard drive, attached drives, backup drives, network locations, and potentially other computers on the same network. This is nasty stuff and once infected all your data files are inaccessible. Users are not generally aware of the infection until they get a pop-up message advising of the attack and demanding a ransom payment in exchange for a decryption key to restore access to their files. There are often requirements to pay such as -- "Your files are encrypted! Pay $300 in Bitcoin within 72 hours or lose access to your files forever."

For most variants of ransomware there are few if any tools to break the encryption and restore your system and files. Incidents are increasing and more people, businesses, and organizations (hospitals, governments, educational institutions) are being victimized.

What You Need to Do?

Tips for Dealing with Ransomware Threats (students and employee home computers):

1. Backup your data regularly to a separate drive. For instance, use an external USB thumb-drive or hard-drive, and keep that drive locked away except when backing up your files.
2. Patch operating systems, software, and applications.
3. Ensure anti-virus software is running and up-to-date.
4. Be careful with email, attachments from unknown senders, or demands to follow a link.

For SPU  employees , using SPU  managed computers , accessing  institutional data -- CIS has some additional layers of ransomware protection but ransomware is still a serious threat. Software and application patches, anti-virus updates, protected data backups, mandated browser and security settings, are all enforced for university managed desktop and laptop computers, but you need to do your part.

Help! I Think I Messed Up!

If you think your system is compromised:

1. Immediately shut down your computer -- press-and-hold the power button until the system shuts off if needed.
2. Disconnect from the Internet (unplug the cable, turn-off your Wifi connection).
3. Disconnect any external hard drives or portable devices (including USB drives).
4. Call or email the CIS HelpDesk immediately (206-281-2982 or help@spu.edu). There may be actions we can take to limit or minimize the damage.

The FBI advises to not pay the ransom -- "Paying the ransom doesn't guarantee that you will get your data back -- we've seen cases where you never get a decryption key after having paid the ransom. Paying the ransom not only emboldens current cyber criminals to target more people, it also offers an incentive for other criminals to get involved." However, if your personal data files have been taken (your personal picture library, your music library, or all your personal records) and you don't have a good data backup, a few hundred dollars may be worth your risk and your expense to return your important data.

Computers that have been infected with ransomware must be wiped clean and rebuilt from the ground up. Any data on the computer is irrevocably lost, and must be restored from a secure data backup. This is not fun or easy and can take hours to complete.

If you see something, say something! We're here to help.