What is Ransomware?
Ransomware is a type of malicious software (malware) that seeks to infect and take control of a computer, encrypting files and documents stored locally and on network shares. The ransomware may lock the computer, prevent normal usage or encrypt the documents and files on it, preventing access. Ransomware is becoming an increasingly popular way for malware authors to extort money from companies and individuals alike.
Once the encryption process has completed, a ransom demand will be displayed, usually via a text file placed alongside the now unreadable documents or as a webpage in the web browser. This type of malware instructs its victims to pay the ransom through certain online payment methods, usually Bitcoin, in order to restore access to their systems or data.
The ransom prices vary, ranging from £20 to more than £5,000. It is important to note, however, that paying the ransom does not guarantee that users will be granted access to their systems or data.
Ransomware spreads through e-mail attachments, infected programs and compromised websites.
What should I do if my computer has received ransomware?
Kill the power immediately!
The moment you think something is wrong, kill the power to your machine by unplugging it, and telephone the IS Service Desk on ext. 3000.
The only way to stop these infections from continuing is to cut their power. Once they are running, they will continue to encrypt all accessible documents, including those on network shares, until no more can be found.
If you believe your computer is infected with ransomware, the IS Service Desk team will remove the hard drive from the computer, scan it, and remove any infections before returning power.
If the drive is infected and you power it back on, the ransomware will continue to encrypt documents.
Contact the IS Service Desk
Telephone ext. 3000 (0131 455 3000 from an external line).
The IS Service Desk team will disconnect the infected system from the network and remove the threat, as well as restoring any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
Do not pay the ransom!
Paying the ransom may seem like the only option at the time, but it only encourages and funds these attackers. Even after paying the ransom, there are no guarantees that you will actually regain access to your files.
Remember that these are the same aggressors that are holding your files hostage in the first place. Paying the ransom can actually increase the likelihood that you will be directly targeted for additional extortion attempts.
How to avoid ransomware
- Refrain from opening links and attachments that look suspicious.
Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Dangerous emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
- Save your work and documents in University managed locations, such as your H drive or shared staff work place.
Ensuring that your important documents and data are saved on your H drive or shared staff work place means that your work will be backed up regularly and restorable from previous points in time. Files or documents that are stored locally aren't being backed up and therefore can't be restored in the event that they're encrypted by ransomware.
And at home:
- Be sure to back up your most important files on a regular basis, ideally to a separate drive which isn't connected to your computer except when a backup is being made.
- In the event a suspicious process is spotted on your computer, turn off the power immediately and seek assistance.
- Avoid giving out your email address where possible.