Information Security Statement on Ransomware
January 31, 2019
Similar to other large organizations, the University of Guelph is a frequent target for attackers attempting to gain unauthorized access or disrupt computing services on campus. In order to protect our systems and data, the University employs a layered defense strategy which is comprised of several security technologies across our network, servers, and applications.
Ransomware is a particularly invasive form of malicious software that can have a significant impact, and has affected many public institutions in recent months. Simply defined, ransomware is a type of malware which prevents you from accessing your computer or certain files unless a ransom is paid.
In the event of a ransomware infection, the strong recommendation of Information Security is never to pay the ransom. Any impacted system must be removed from the campus network immediately to prevent further spread. Those systems must be reimaged completely before reconnecting to the network, and any user data should only be restored from known good backups.
Information Security strongly advises against paying any type of ransom for several reasons:
- Payment fuels the development of further tools, attack campaigns, and funds other types of crime
- Paying the ransom increases the likelihood of further attacks against the University and others
- Payment is no guarantee that data will be released, and recent research indicates that less than half of victims who pay the ransom receive their data back
- After paying the ransom there would be significant concerns around the integrity of the restored data and overall security of the compromised system
Furthermore, we recommend that all campus users take proactive measures to defend against ransomware. Additional information and guidance can be found on the Information Security website (http://infosec.uoguelph.ca), including tips on prevention and how Information Security can assist in responding to a ransomware incident.
Users with questions or requiring assistance with a security incident should contact the Information Security team via email (firstname.lastname@example.org) or via phone at 519-824-4120 Ext. 58006.