Ransomware is a type of malware designed to encrypt your files or lock your operating systems so attackers can demand a ransom payment. According to a 2017 Symantec report, the average ransom demand has increased 266% from 2015 to 2017 and is valued at $1,077 per event. The report continues by stating that “While consumers in particular (69 percent of all infections) are at risk from ransomware, this year saw evidence that ransomware attackers may be branching out and developing even more sophisticated attacks, such as targeted ransomware attacks on businesses [and Institutions of Higher Education] that involved initial compromise and network traversal leading to the encryption of multiple machines. Ransomware looks set to continue to be a major source of concern globally in 2017.” (https://www.symantec.com/security-center/threat-report)
Typically starting as a phishing attack, ransomware executes when a user is lured to click on an infected link or e-mail attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include
- an embedded malicious link in an e-mail offers a cheap airfare ticket (see figure 1);
- an e-mail that appears to be from Google or Facebook inviting recipients to click on an image to update their web browser or access a file that supposedly has been shared with them (see figure 2); or
- a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.
To avoid becoming a victim of ransomware, users can follow these tips:
- Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity. Before you delete the message, send a copy of the suspicious email as an attachment to firstname.lastname@example.org so we can analyze the full message.
- Avoid clicking on unverified e-mail links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan). These links and files represent that easiest and fastest way for the bad guys to get to your system. Always be aware of what you are clicking on.
- Use e-mail filtering options whenever possible.E-mail or spam filtering can stop a malicious message from reaching your inbox. OIT provides email and spam filtering as a part of our email system. Currently, we block approximately 60% of all email messages being delivered to the institution. Some still get through because they look like legitimate email messages to our filters. For your personal email account, see if your service provider provides email and spam filtering options.
- Install and maintain up-to-date antivirus software. Your SRSU supplied computer uses ESET anti-virus to keep your system safe. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
- Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimize the likelihood of someone holding your computer or files for ransom. Your SRSU supplied machine is set to allow automatic updates. Always allow the system to perform this function as it helps keep your computer one or two steps ahead of the bad guys.
- Back up your files and use OneDrive and Sharepoint. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files. OIT recommends you store all your files on OneDrive or Sharepoint.
If you believe you have an email in your Inbox that is a phishing or social engineering attempt, send that message to email@example.com as an attachment so it can be analyzed by OIT.
If you click on a link and believe it is malware, ransonware or other attempts to steal your identity or data, change your password immediately using Lobopass and contact LTAC for further assistance.
Follow us on Twitter @SRSUOIT
Like us on Facebook SRSUOIT