Security Awareness: Ransomware

Introduction

Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. 

Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful. They have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as “double extortion.” In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion, without employing ransomware.

These ransomware and associated data breach incidents can severely impact business processes by leaving organizations unable to access the data they need to operate and deliver mission-critical services. The economic and reputational impacts of ransomware and data extortion have proven challenging and costly for organizations of all sizes throughout the initial disruption and, at times, extended recovery. (Source: osint: MS-ISAC)

 

Preventing and Mitigating Ransomware and Data Extortion Incidents

To help mitigate the risk of ransomware, the FBI encourages organizations to: (source: osint: FBI)

  • create backups
  • review the security posture of third-party vendors
  • secure user accounts in compliance with NIST-recommended policies
  • implement phishing-resistant MFA
  • implement network segmentation
  • monitor for suspicious activity
  • disable unused ports and services
  • keep all systems and applications updated

 

How can I protect my data?

  1. Back up your data to OneDrive! OneDrive is the most secure way to store your data and has ransomware protection built in.
  2. Update your computer’s operating system to keep it as current as possible.
  3. Run up-to-date antivirus software.
  4. Be cautious about which email attachments you open.
  5. Be cautious about what websites you visit. Searching the internet for free music, movies, books, and software is the most common way to be infected by malware.
  6. Do not download and install unfamiliar software, even if its maker claims it will prevent ransomware.

What should I do if I get infected?

  • Immediately remove power from the machine. Remove the power cord and, if it is a laptop, also remove the battery.
  • Do not attempt to move files or circumvent the problem.
  • File a Security - Report an Incident form: https://indstate.teamdynamix.com/TDClient/1851/Portal/Requests/ServiceDet?ID=26161 OR
  • Call the Technology Support Center at 812-237-2910.

ISU employees are required by ISU policy to report a suspected security incident immediately.