This content is viewable by Everyone
Author: Esther Silver
The link to the IT Security Awareness Quiz is at the end of the article. Complete it for an entry in a drawing for 1 of 6 $50 Amazon gift cards.
If it seems like ransomware is all over the news lately, that’s because it is. A recent survey of IT professionals by Sophos found that 44% of educational and 34% of healthcare institutions were hit by ransomware in 2020. Not only is the number of attacks going up exponentially, but the amount of money extorted per attack is also increasing. According to the National Security Institute, the average ransomware fee has gone from $5,000 in 2018 to $200,000 in 2020.
Ransomware targets range from home users to corporate networks, and how ransomware works is evolving. It’s no longer just about locking up data. Cyber criminals also threaten to divulge sensitive and confidential information and recently have targeted software manufacturers to create supply chain infections. The recent ransomware attack on Colonial Pipeline created a multi-day shutdown that caused panic buying and the price of gas to go to its highest level in seven years.
What is Ransomware?
Ransomware is a type of malicious software (a.k.a malware) that locks the victim out of their computer or files – often by encrypting them – until a ransom is paid. The ransomware typically displays a message letting the victim know that they have been locked out, along with instructions for how and how much to pay.
Ransomware is often spread through use of stolen credentials, malicious links, and harmful attachments in email; however, this is not the only mechanism. Other sources include malicious applications and files, and adware/spyware.
To pay or not to pay?
It is important to note that these are criminals. There are no guarantees that if you pay the ransom, you’ll get access to your computer or files back or that the criminals will delete their copies of your files. The FBI and law enforcement advise never paying the ransom because it encourages the criminals to continue committing crimes. However, if the impact of losing the files could potentially have catastrophic consequences, and the criminal group that locked them has a track record of unlocking them if paid, paying the ransom may be the best option.
What to do if you receive a ransom note
If you receive a ransomware pop-up or message on your device alerting you to an infection,
take the following steps immediately to avoid any additional infections or data loss:
Disconnect from the internet (disable Wi-Fi and unplug any wired internet connection).
Disconnect any external drives.
Report the incident to the IT Service Desk (415-514-4100).
Follow the reporting instructions at How to Report a Security Incident.
Personal device (never used for work)
File a report with the FBI’s Internet Crime Complaint Center (IC3).
What to do to minimize the risk of ransomware
To prevent a ransomware attack and mitigate the impact if one occurs perform the following on an ongoing basis:
Exercise caution when opening your messages. Most ransomware attacks begin with some sort of phishing message. Pay attention to emails you get and be on the lookout for phishing attempts. Use the UCSF Phish Alarm tool to report phishing messages. Be on the lookout for warning banners in your email to denote risky or external senders.
Use anti-virus software and firewalls. It's important to obtain and use anti-virus software and firewalls from reputable companies and continually maintain your anti-virus software and firewalls through automatic updates. UCSF IT provides security software (anti-virus and firewall in one) free of charge to UCSF faculty, staff, students, and researchers at Software.ucsf.edu.
Keep your devices and software up to date. Install updates ASAP for all your operating systems and applications.
Enable pop-up blockers. Pop-ups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within pop-ups, it's best to prevent them from appearing in the first place. Get help:
Always back up your computer content. Ransomware scams will have limited impact on you if you back up, verify, and maintain offline copies of your personal and application data. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files. A backup service (CrashPlan Pro) is offered at no additional charge to:
All ITFS-supported desktops and laptops, as part of ITFS Basic Support
UCSF Medical Center–supported laptops: Computer Backup (CrashPlan)
Don’t be Admin all the time. If your computer lets you have separate user accounts, keep the administrative account separate from the ones users actually use to do things on the computer. Accidents happen, and if they happen in an admin account, they can do a lot more harm. And with work systems, use the least amount of privilege necessary to do what you do.
Take the quiz on protecting UCSF and yourself from ransomware. The prize for passing the quiz is one entry in a drawing for one of six $50 Amazon gift cards.
CISA: Stop Ransomware