If you receive a ransomware pop-up or message on your device alerting you to an infection:
Take immediate action to avoid any additional infections or data loss:
- Disconnect from the internet (disable Wi-Fi and unplug any wired internet connection)
- Disconnect any external drives.
- Report the incident to the IT Service Desk (415-514-4100).
- Follow the reporting instructions at How to Report a Security Incident.
To Minimize the Risk of Ransomware
Always use anti-virus software and a firewall
It's important to (1) obtain and use anti-virus software and firewalls from reputable companies and (2) continually maintain your anti-virus software and firewalls through automatic updates.
UCSF IT provides client security software (anti-virus and firewall in one) free of charge to UCSF faculty, staff, students and researchers: https://software.ucsf.edu.
Maintain current patch levels
Do this for all your operating systems and applications.
Enable pop-up blockers
Pop-ups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within pop-ups, it's best to prevent them from appearing in the first place.
Always back up your computer content
Ransomware scams will have limited impact on you if you back up, verify and maintain offline copies of your personal and application data.
If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
A backup service (CrashPlan Pro) is offered at no additional charge to:
- All ITFS-supported desktops and laptops, as part of ITFS Basic Support
- UCSF Medical Center–supported laptops: Computer Backup (CrashPlan)
Don’t click on links inside emails, and avoid suspicious websites.
If your PC does come under attack, use another computer to research details about the type of attack. Remember, however, that some bad guys are devious enough to create fake "information" sites, which promote their own fake anti-virus software or data recovery/decryption programs.