This content is viewable by Everyone

News

Ransomware Attacks Continue to Surge

  • Author: Esther Silver

  • Date:

The link to the IT Security Awareness Quiz is at the end of the article. Complete the quiz for an entry in a drawing for one of six $50 Amazon gift cards.

In 2022, global law enforcement thought their efforts focused on controlling ransomware began to decrease the number of attacks and lower payments made to hackers. We now know that 2022 was an anomaly. According to Chainalysis, in 2023, ransomware payments exceeded 1 billion dollars, a record high. This year is not looking any better. Recently, Zscaler Threat Labs uncovered an unprecedented ransom payout of US$75 million—the largest ever paid by one company. 

Ransomware targets home users and businesses of all types. It’s no longer just about locking up data. Cybercriminals also threaten to divulge sensitive and confidential information, and recently, they have targeted software manufacturers to create supply chain infections that can, in turn, impact the users of those software products and services.

Healthcare continues to be one of the most targeted industries. A ransomware attack on one of the nation’s largest healthcare systems, Ascension Hospitals, in May 2024 made it clear why we need to protect ourselves. An NPR article quoted clinicians who said the cyberattack led to harrowing lapses in medical care, including delayed or lost lab results, medication errors, and an absence of routine safety checks via technology to prevent potentially fatal mistakes. 

In addition, even if an organization has adequate systems and data backup measures in place where data can be recovered, the effort of data recovery, extra costs in terms of time, labor, reputation, and loss of system availability can be enormous. 

Although detecting and responding to these attacks is important, prevention is the key. It starts with user awareness, primarily in the area of phishing.

What is ransomware?

Ransomware is malicious software (a.k.a. malware) that locks the victim out of their computer or files – often by encrypting them – until a ransom is paid. The ransomware typically displays a message letting the victim know they have been locked out, along with instructions for how and how much to pay. 

Ransomware is often spread by using stolen credentials, malicious links, and harmful attachments in email; however, this is not the only mechanism. Other sources include malicious applications and files and adware/spyware. 

To pay or not to pay? 

It is important to note that these are criminals. There are no guarantees that if you pay the ransom, you’ll get access back to your computer or files, or the criminals will delete copies of your files they might still have. The FBI and law enforcement advise never paying the ransom because it encourages the criminals to continue committing crimes. However, if the impact of losing the files could have catastrophic consequences, and the criminal group that locked them has a track record of unlocking them if paid, paying the ransom may be the best option.   

What to do if you receive a ransom note 

Work-related device 

If you receive a ransomware pop-up or message on your device alerting you to an infection, take the following steps immediately to avoid any additional infections or data loss: 

  1. Disconnect from the internet (turn off wi-fi and unplug any wired internet connection). 
  2. Disconnect any external drives. 
  3. Immediately report the incident to the IT Service Desk (415-514-4100). 
  4. Follow the reporting instructions at How to Report a Security Incident

Personal device (never used for work)  

  1. Contact your local FBI field office to request assistance or submit a tip online. 
  2. File a report with the FBI’s Internet Crime Complaint Center (IC3).  

What to do to minimize the risk of ransomware 

To prevent a ransomware attack and mitigate the impact if one occurs, perform the following on an ongoing basis: 

  1. Exercise caution when opening your messages. Most ransomware attacks begin with some sort of phishing message. Pay attention to emails you get and be on the lookout for phishing attempts. Use the UCSF Phish Alarm tool to report phishing messages. Be on the lookout for external warning banners in your email to denote risky or external senders. 
  2. Use anti-virus software and firewalls. It's important to obtain and use anti-virus software and firewalls from reputable companies and continually maintain your anti-virus software and firewalls through automatic updates. UCSF IT provides security software (anti-virus and firewall in one) free of charge to UCSF faculty, staff, students, and researchers at Software.ucsf.edu
  3. Keep your devices and software up to date. Install updates ASAP for all your operating systems and applications. 
  4. Enable pop-up blockers. Pop-ups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within pop-ups, it's best to prevent them from appearing in the first place. Get more help: 
  1. Always back up your computer content. Ransomware scams will have a limited impact if you back up, verify, and maintain offline copies of your personal and UCSF data. If you are targeted, instead of worrying about paying a ransom to get your data back, you can wipe your system clean and reload your files. A backup service, CrashPlan Pro, is offered, at no additional charge, to all ITFS-supported desktops and laptops, as part of the ITFS Basic Support, and to UCSF Medical Center supported devices.
  2. Don’t be Admin all the time. Use administrative-level privileges ONLY when needed, switching back to the regular user level at all other times. If your computer lets you have separate user accounts, keep the administrative account separate from the one you use to do regular things on your computer. Accidents happen, and if they happen in an admin account that provides for elevated privileges, the impact and likelihood of harm are much greater. The security concept of “least privilege,” where operating at a level only as high as needed to do the task, should be the default approach.   

Take the quiz on protecting UCSF and yourself from ransomware. The prize for passing the quiz is one entry in a drawing for one of six $50 Amazon gift cards. 

UCSF Information 

UCSF: How Do I Protect My Computer from Ransomware 

Additional Information 

Sophos: The State of Ransomware 2024 Report

Sophos: The State of Ransomware in Education 2024 

Sophos: The State of Ransomware in Healthcare 2024 

CISA: Stop Ransomware 

FBI: Scams and Safety Ransomware 

HHS: Fact Sheet: Ransomware and HIPAA 

NBC News: Major hospital system hit with cyberattack, potentially largest in U.S. history 

Chainalysis: Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline

Zscaler ThreatLabz: 2024 Ransomware Report

NPR: Cyberattack led to harrowing lapses at Ascension hospitals, clinicians say