皇家华人

Ransomware

WHAT IS IT?

Ransomware is malicious software that infects a computer and then restricts a user's access to their documents until a financial ransom is paid. There are many types of ransomware, but most begin with a phishing email attempting to trick you into downloading or installing the ransomware or seeking your credentials so it can do so itself. Some ransomware attacks begin with a phone call from someone posing as tech support claiming that they detected a problem with your computer and need you to install software to help repair it. Once the ransomware is installed on the victim's computer, it starts encrypting your files. More recently, some ransomware criminals have employed what is called a 鈥榙ouble extortion' in which along with encrypting your data, they also steal confidential files and threaten to make them public if you don't pay the ransom.

We have seen ransoms anywhere from a few hundred dollars to a few million dollars, depending on the type of information that is being held or how many computers are infected.

Educational institutions have reported cases where faculty and researchers had to resort to back up files for terabytes of data because their computers were infected with ransomware, and in a few instances paid ransoms of half a million dollars or more to regain access to proprietary research data.

HOW DO I DEFEND MYSELF?

The sensitivity and interconnectedness of information found at the 皇家华人 College makes it an attractive target. Student and employee data are parts of the every-day operations at the college. Protecting that data and information is our shared responsibility.

To begin with, learn how to spot and report Phishing. Many ransomware attacks begin when someone clicks on a phishing message, and either accidentally gives their credentials to the criminals or is tricked into installing the software.

Next, follow basic steps to protect your computer and your data. Some ransomware exploits vulnerabilities in your computer operating system (Windows or Mac), or applications on your computer, to install itself. Installing patches and updates is crucial to get the latest security fixes. Lastly, be sure to have backups of both your computer and your data, so that should the worst happen, you can recover without resorting to paying a ransom to cyber criminals.

See the 鈥淧rotect My Computer鈥 <add link> page for more information on how to patch and backup.

WHAT IF I THINK I HAVE A RANSOMWARE INFECTION?

At the first sign of a ransomware infection, turn off - or even quickly unplug - your computer. You might be able to catch it soon enough before many files are encrypted and prevent further damage.

Alert your local IT Support for a personal device or the 皇家华人 IT Helpdesk for a 皇家华人 device. For ransomware instances involving 皇家华人 devices, the 皇家华人 IT Helpdesk will engage the 皇家华人 EOC Security Incident Response Team and can get law enforcement involved if needed.

The FBI does not encourage paying a ransom to criminal actors. According to the 2020 IC3 Annual Report, 鈥淧aying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim's files will be recovered.鈥

 More information

  • Protect My Computer <add link> Tips from the 皇家华人 Information Security Officer
  • 皇家华人 Security Awareness Training <add link> Annual online training that includes information on ransomware
  • Ransomware information
  • Safety tips from Microsoft