November 18, 2015
The InfoSec team has seen evidence of increased ransomware activity over the past few weeks. We would like to remind the campus community of these threats to the University and offer tips to protect yourself and your data.
What is Ransomware?
Ransomware is a type of malware that infects your computer and then restricts your ability to use the system or your data until you pay a ransom. There are several variants of ransomware in the wild, with the most common being CryptoLocker. This strain of ransomware encrypts your personal files and then attempts to get you to pay a ransom within a set period of time. If you do not pay, the key to unlock your files is destroyed, leaving the encrypted files unrecoverable.
The most common infection vectors for ransomware are email attachments, phishing emails, and malicious websites. To protect University data and systems, it is very important for everyone on campus to be cautious and practice safe email and web browsing habits.
Tips to Protect Yourself and Your Data
- Know how to recognize a phishing email. Review this CCS article from September, which outlines how to spot a malicious email and how to respond if you see one: https://www.uoguelph.ca/ccs/news/do-you-know-how-recognize-phishing-scam
- Back up your important data regularly and verify your backups.
- Use a central storage service such as CFS for critical data. CCS central storage is regularly backed up and can be restored very quickly.
- Practice safe browsing habits – keep your browser patched, do not click on pop-ups, use a pop-up blocker, avoid clicking on unknown links, and only visit known trustworthy sites.
- If you are infected, don’t pay the ransom! If you are a victim of ransomware, the system should be reimaged completely and the data restored from backups. Paying the ransom could increase the likelihood of further attacks against the University. As well, even after the system is unlocked, you would not be able to trust the system or the integrity of its data, as it could now contain additional malware, backdoors, or other malicious code.
Written by: Stephen Willem (Manager, CCS Information Security)