Security Awareness: Ransomware

Introduction

Ransomware is a class of malware that restricts access to the computer system it infects and demands that a ransom be paid before the restriction is removed. Some ransomware encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.) and holds your data for ransom. When this virus infects a system, it immediately encrypts the user's data, along with the data on any connected drive or shared network drive that the user has access to. Once the data has been encrypted, the virus shows the user a message demanding payment, usually between $100 and $300, to decrypt the data. The user usually has a short amount of time from the start of the message to pay before the virus deletes the decryption keys. Once the files are encrypted, there is no alternative except to recover the data from an offline backup. Other types of ransomware do not encrypt files but display a message saying that illegal activity has been detected on the computer and that the authorities will be notified unless the ransom is paid.
 

How is ransomware spread?

Like other types of malware, ransomware is typically spread by email, with the recipient asked to take some kind of action on an attachment, a link, or some other type of content in the email. One prevalent ransomware virus named CryptoLocker has been spread via a zipped executable file sent as an email attachment that is made to look like a bank statement. Some variants of ransomware spread through exploits for browser plugins such as Flash, Java and Silverlight.

How can I protect my data?

  1. Back up your data to OneDrive! OneDrive is the most secure way to store your data, and has ransomware protection built in.
  2. Update your computer’s operating system to keep it as current as possible.
  3. Run up-to-date antivirus software.
  4. Be cautious about what attachments to email messages you open.
  5. Be cautious about what websites you visit.
  6. Do not download and install unfamiliar software, even if its maker claims it will prevent ransomware.

What should I do if I get infected?

  • Immediately remove power from the machine. Remove the power cord and, if it is a laptop, also remove the battery.
  • Do not attempt to move files or circumvent the problem.
  • File a Security - Report an Incident form (https://indstate.teamdynamix.com/TDClient/1851/Portal/Requests/ServiceDet?ID=26161), or
  • Call the Technology Support Center at 812-237-2910.

ISU employees are required by ISU policy to report a suspected security incident immediately.

 

 

 


Details

Article ID: 94608
Created: Tue 12/17/19 1:51 PM
Modified: Tue 7/20/21 12:03 PM