Ransomware is malicious software (malware) that encrypts files and then displays a message about how access can be regained by paying a ransom. There is no guarantee paying the ransom will actually restore access to those files.
Imagine losing access to all your files (including your photos, work-product, everything). Ransomware can cause a complete loss of access to files on your local machine and any shared networked drive(s). This means your misstep can not only lead to the loss of your baby pictures, but may also cause others to lose access to their files which may include dissertations, budgets, music, accounts receivable files, etc.
The question of whether ransom should be paid to recover access creates a moral dilemma. Given the critical nature of your files, your initial reaction may be to pay the ransom. Doing so, in the big picture, encourages extortionists to attack more people. Additionally, more people may be inspired to begin a career in ransomware. Paying ransoms essentially leads to more ransomware.
- Do not click on “verify your account” or “login” links in any email. It may be wise to review “Email & Phishing Scams”.
- Do not click on or open unsolicited or unexpected email attachments or links.
- Be cautious about opening attachments, even from trusted senders. At IU, look for digital signatures on emails from senior administrators.
- Report impersonated or suspect email. (PhishAlarm makes it easy.)
- Back up your data regularly, and test your backups (try restoring files).
- Do not enable external content or run macros you did not create. THINK BEFORE YOU CLICK! If you do not use macros or ActiveX in MS Office, disable them.
- If you are an administrator of an email distribution list, restrict who can send mail to your lists.
- Keep third-party software (examples: Java, Adobe Reader) updated. Regularly patch all software.
- Install anti-virus and firewall programs and keep security software definition files up to date.
- Use a less privileged account for daily work.
- Scan departmental servers regularly. (Read more about “Vulnerability Scanners”.)
- Train your staff on how to stay safe online.
The frustrations of ransomware should not be underestimated. We often take quick and easy access to stored files for granted, even as deadlines fast approach. Imagine combining the stress of a critical due date or emergency with the inability to access the files or shared directories needed to resolve it. This was what happened to an IU official during IU’s recent table-top cybersecurity exercise in which a ransomware infection was simulated. The experience of having to look over someone else’s shoulder, borrow someone else’s computer, restore (reconstruct) documents, etc. during the exercise was less than convenient. Fortunately, the "victim" was surrounded by a great team of experienced professionals who had a sophisticated understanding of how to move through the scenario. This might not be your experience in a real-world situation.
Ransomware is real, but it does not have to be debilitating. The simple tips above should be familiar because many are commonly suggested to mitigate other security issues. Although anyone can fall victim to ransomware, ransom need not be paid if data can be restored from backups. To be clear, the best prevention is to back up your data regularly.
This article was written by Sara Chambers, IU Chief Privacy Officer, and Tim Goth, incident response manager for the University Information Policy Office.