Ransomware: The Worst Kind of Pop Quiz for Healthcare and Education

The IT Security Awareness Quiz link is at the article's end. Complete the quiz for an entry in a drawing for one of five $50 Amazon gift cards.

Ransomware isn’t slowing down—it’s ramping up. According to Verizon’s 2025 Data Breach Investigations Report, ransomware continues to climb as a leading cause of breaches, with the average cost per attack now soaring to an eye-popping $5.5 to $6 million. Healthcare remains a prime target, with CNN revealing earlier this year that the health sector reported over 440 ransomware attacks and data breaches to the FBI in just the past year, the highest among all critical infrastructure industries. The stakes couldn’t be higher, making awareness and prevention more crucial than ever.

Ransomware targets home users and businesses of all types. It's no longer just about locking up data, but also about breaching it. Cybercriminals threaten to divulge sensitive and confidential information, and recently, they have targeted software manufacturers to create supply chain infections that can, in turn, impact the users of those software products and services.

Even if an organization has adequate system and data backup measures in place so that data can be recovered, the effort of data recovery and the extra costs in terms of time, labor, reputation, and loss of system availability can be enormous.

Although detecting and responding to these attacks is important, prevention is the key. It starts with user awareness, primarily in the area of phishing.

What is ransomware?

Ransomware is malicious software (a.k.a. malware) that locks the victim out of their computer or files – often by encrypting them – until a ransom is paid. The ransomware typically displays a message letting the victim know they have been locked out, along with instructions for how and how much to pay. 

Ransomware is often spread by using stolen credentials, malicious links, and harmful attachments in email; however, this is not the only mechanism. Other sources include malicious applications and files, exploitation of zero-day vulnerabilities, and adware/spyware. 

To pay or not to pay? 

It is important to note that these are criminals. There are no guarantees that if you pay the ransom, you’ll get access back to your computer or files, or that the criminals will delete any copies of your files they might still have. The FBI and law enforcement advise never paying the ransom because it encourages the criminals to continue committing crimes. However, if the impact of losing the files could have catastrophic consequences, and the criminal group that locked them has a track record of unlocking them if paid, paying the ransom may be a legitimate option to consider.

What to do if you receive a ransom note 

Work-related device 

If you receive a ransomware pop-up or message on your device alerting you to an infection, take the following steps immediately to avoid any additional infections or data loss:

  1. Disconnect from the internet (turn off wi-fi and unplug any wired internet connection).
  2. Disconnect any external drives.
  3. Immediately report the incident to the IT Service Desk (415-514-4100).
  4. Follow the reporting instructions at How to Report a Security Incident

Personal device (not used for work)  

  1. Contact your local FBI field office to request assistance or submit a tip online.
  2. File a report with the FBI’s Internet Crime Complaint Center (IC3).

What to do to minimize the risk of ransomware 

To prevent a ransomware attack and mitigate the impact if one occurs, perform the following on an ongoing basis: 

  1. Exercise caution when opening your messages. Most ransomware attacks begin with some sort of phishing message. Pay attention to emails you get and be on the lookout for phishing attempts. Use the UCSF Phish Alarm tool to report phishing messages. Be on the lookout for external warning banners in your email to denote risky or external senders.
  2. Use anti-virus software and firewalls. It's essential to obtain and use anti-virus software and firewalls from reputable companies and continually maintain your anti-virus software and firewalls through automatic updates. UCSF IT provides security software (anti-virus and firewall in one) free of charge to UCSF faculty, staff, learners, and researchers at Software.ucsf.edu.
  3. Keep your devices and software up to date. Install updates for all your operating systems and applications when available or as soon as they are validated by UCSF.
  4. Enable pop-up blockers. Pop-ups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within pop-ups, it's best to prevent them from appearing in the first place. Get more help:
  5. Always back up your computer content. Ransomware scams will have a limited impact if you back up, verify, and maintain offline copies of your personal and UCSF data. If you are targeted, you can wipe your system clean and reload your files instead of worrying about paying a ransom to get your data back. A backup service, CrashPlan Pro, is offered, at no additional charge, to all ITFS-supported desktops and laptops, as part of the ITFS Basic Support, and to UCSF Medical Center supported devices.
  6. Don’t be Admin all the time. Use administrative-level privileges ONLY when needed, switching back to the regular user level at all other times. If your computer lets you have separate user accounts, keep the administrative account separate from the one you use to do regular things on your computer. Accidents happen, and if they happen in an admin account that provides for elevated privileges, the impact and likelihood of harm are much greater. The security concept of “least privilege,” operating at a level only as high as needed to do the task, should be the default approach.
  7. Enroll in a Password Manager. A password manager is an essential tool for enhancing online security and simplifying digital life. It securely stores and encrypts all your passwords in one place, allowing you to create strong, unique passwords for each account without needing to remember them all. Automating password generation and management reduces the risk of reuse, a common vulnerability exploited by hackers. UCSF provides a free password manager.

Take the quiz on protecting UCSF and yourself from ransomware. The prize for passing the quiz is one entry in a drawing for one of six $50 Amazon gift cards.

UCSF Information 

UCSF: How Do I Protect My Computer from Ransomware 

Additional Information 

CISA: Stop Ransomware 

FBI: Scams and Safety Ransomware 

HHS: Fact Sheet: Ransomware and HIPAA 

NPR: Cyberattack led to harrowing lapses at Ascension hospitals, clinicians say

Chief Healthcare Executive: These are the biggest health data breaches in the first half of 2025

The HIPAA Journal:  Covenant Health: 7,864 Individuals Affected by May 2025 Ransomware Attack