Ransomware Awareness
What is Ransomware?
According to the FBI, “Ransomware is a type of malicious software cyber actors use to deny access to systems or data.” Typically, the malicious actor will hold the system or data hostage via encryption using a private key that only they know. The only way for the victim to regain access to their system or data is to pay the ransom fee to the malicious actor. If the ransom is not paid, the data will remain unavailable or be deleted by the malicious actor or the ransomware. In addition, ransomware may spread to storage drives and other systems present on the network.
How Does Ransomware Get Installed on a System?
Ransomware can be installed on a system through the following means:
- According to Symantec, “Ransomware is predominantly found on suspicious websites and arrives either via a ‘drive-by download,’ stealth download, or through a user clicking on an infected advert. Some distribution via email has also been seen.”
- Remote installation via a software vulnerability.
- Opening or clicking on a malicious attachment or link found in an email.
[Image: an example of CryptoLocker, a common ransomware variant.]
How Do I Protect Myself?
Prevention is one of the best methods to defend against ransomware. Below are several steps you can take to prevent ransomware from being installed on your system:
- Ensure proper anti-virus software is installed on your machine and updated regularly.
- Ensure your operating system and programs have received the most recent updates. Attackers can easily exploit vulnerabilities in out-of-date software.
- Regularly back up your computer and important files. This gives you a recovery option, so your data is not lost forever. If using portable media, remove the device once the backup is complete.
- Do not click on or open suspicious links, pop-ups, or attachments. If you encounter questionable or suspicious emails or websites, contact the IT Service Desk immediately and allow Information Security and Assurance (ISA) to validate the content.
Paying a Ransomware Fee
Per the FBI:
“We do not encourage paying a ransom. However, we understand that when businesses cannot function, executives will evaluate all options to protect their shareholders, employees, and customers. As you contemplate this choice, consider the following risks:
- Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.
- Some victims who paid the demand reported being again targeted by cyber actors.
- After paying the initially demanded ransom, some victims have been asked to pay more to get the promised decryption key.
- Paying could inadvertently encourage this criminal business model.”
Useful Links
The FBI provides a more in-depth description of ransomware and what can be done to avoid becoming a victim.
The SANS Institute newsletter provides further information on ransomware and steps that can be taken to protect against it.