This content is viewable by Everyone


Ransomware Rising Again!

  • Author: Esther Silver

  • Date:

The link to the IT Security Awareness Quiz is at the end of the article. Complete the quiz for an entry in a drawing for 1 of 6 $50 Amazon gift cards.

In 2022, global law enforcement efforts focused on controlling ransomware began to decrease the number of attacks and lower payments made to hackers. However, in 2023, indicators shot back up again, making it ever more important to be alert for ransomware.

Ransomware targets home users, businesses, and particularly institutions like hospitals and universities, and it is ever-evolving.  It’s no longer just about locking up data. Cyber criminals also threaten to divulge sensitive and confidential information and recently have targeted software manufacturers to create supply chain infections that can, in turn, impact the users of those software products and services.

What is ransomware?

Ransomware is a type of malicious software (a.k.a. malware) that locks the victim out of their computer or files – often by encrypting them – until a ransom is paid. The ransomware typically displays a message letting the victim know that they have been locked out, along with instructions for how and how much to pay. 

Ransomware is often spread through use of stolen credentials, malicious links, and harmful attachments in email; however, this is not the only mechanism. Other sources include malicious applications and files and adware/spyware. 

To pay or not to pay? 

It is important to note that these are criminals.  There are no guarantees that if you pay the ransom, you’ll get access back to your computer or files or that the criminals will delete copies of your files they might still have. The FBI and law enforcement advise never paying the ransom because it encourages the criminals to continue committing crimes.  However, if the impact of losing the files could potentially have catastrophic consequences, and the criminal group that locked them has a track record of unlocking them if paid, paying the ransom may be the best option.   

What to do if you receive a ransom note 

Work-related device 

If you receive a ransomware pop-up or message on your device alerting you to an infection, take the following steps immediately to avoid any additional infections or data loss: 

  1. Disconnect from the internet (disable wi-fi and unplug any wired internet connection). 
  2. Disconnect any external drives. 
  3. Immediately report the incident to the IT Service Desk (415-514-4100). 
  4. Follow the reporting instructions at How to Report a Security Incident

Personal device (never used for work)  

  1. Contact your local FBI field office to request assistance, or submit a tip online. 
  2. File a report with the FBI’s Internet Crime Complaint Center (IC3).  

What to do to minimize the risk of ransomware 

To prevent a ransomware attack and mitigate the impact if one occurs perform the following on an ongoing basis: 

  1. Exercise caution when opening your messages. Most ransomware attacks begin with some sort of phishing message. Pay attention to emails you get and be on the lookout for phishing attempts. Use the UCSF Phish Alarm tool to report phishing messages. Be on the lookout for external warning banners in your email to denote risky or external senders. 
  2. Use anti-virus software and firewalls. It's important to obtain and use anti-virus software and firewalls from reputable companies and continually maintain your anti-virus software and firewalls through automatic updates. UCSF IT provides security software (anti-virus and firewall in one) free of charge to UCSF faculty, staff, students, and researchers at
  3. Keep your devices and software up to date. Install updates ASAP for all your operating systems and applications. 
  4. Enable pop-up blockers. Pop-ups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within pop-ups, it's best to prevent them from appearing in the first place. Get more help: 
  1. Always back up your computer content. Ransomware scams will have limited impact on you if you back up, verify, and maintain offline copies of your personal and application data. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files. A backup service, CrashPlan Pro, is offered, at no additional charge, to all ITFS-supported desktops and laptops, as part of the ITFS Basic Support, and to UCSF Medical Center–supported devices.
  2. Don’t be Admin all the time.  If your computer lets you have separate user accounts, keep the administrative account separate from the one you actually use to do regular things on your computer.  Accidents happen, and if they happen in an admin account, they can do a lot more harm.  And with systems used for UCSF business, use the least amount of privilege necessary to do what you do. 

Take the quiz on protecting UCSF and yourself from ransomware.  The prize for passing the quiz is one entry in a drawing for one of six $50 Amazon gift cards. 

UCSF Information 

UCSF: How Do I Protect My Computer from Ransomware 

Additional Information 

Sophos: The State of Ransomware 2023 Report

Sophos: The State of Ransomware in Education 2023 

Sophos: The State of Ransomware in Healthcare 2023 

CISA: Stop Ransomware 

FBI: Scams and Safety Ransomware 

HHS: Fact Sheet: Ransomware and HIPAA 

Varonis: 86 Ransomware Statistics, Data, Trends, and Facts [updated 2023]

NBC News: Major hospital system hit with cyberattack, potentially largest in U.S. history