August 2018: Are You Ready for Ransomware?

min read

Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.

Ransomware is a type of attack that encrypts your computer, phones, or mobile devices. Hackers will then demand that you pay a ransom to regain access to your information. Once a device is infected, it's too late to recover the "hostage" information. Everyone should understand the effects of ransomware and be prepared before an attack occurs. Increase awareness on your campus by customizing and sharing the following content.

Get the Word Out

Newsletter or Website Content

What Is Ransomware?

Ransomware is a type of malicious software that encrypts your files. Often, the only way to decrypt and gain access to the files is by paying a "ransom" or fee to the attackers. The attackers might provide the decryption key allowing you to regain access to your files. Ransomware may spread to any shared networks or drives to which your devices are connected. We are continuing to see ransomware attacks and expect their frequency to increase.

How Can I Get Infected with Ransomware?
Common vectors for ransomware attacks include e-mails with malicious attachments or links to malicious websites. It's also possible to get an infection through instant messaging or texts with malicious links. Antivirus may or may not detect a malicious attachment, so it's important for you to be vigilant.

How Can I Protect Myself Against Ransomware?
There are two steps to protection against ransomware:

  • Preparation. Back up your information regularly. Once a ransomware infection occurs, it's often too late to recover the encrypted information. Your research project or other important information may be lost permanently. For more information on backups, visit RIT’s best practices web page.
  • Identification. Ransomware typically appears as phishing e-mails, either with links to malicious websites or infected files attached. You might also see a ransomware attack perpetrated through a pop-up telling you that your computer is infected and asking you to click for a free scan. Another possible vector is malvertising, malicious advertising on an otherwise legitimate website.

Probably the Most Important Steps You Can Take to Prepare…

  • Ensure that your information is backed up regularly and properly. Because ransomware can encrypt the files on your computer and any connected drives (potentially including connected cloud drives such as Dropbox), it's important to back up your files regularly to a location that you're not continuously connected to. To determine the backup capabilities available to you contact your IT service desk.
  • Ensure that you're able to restore files from your backups. Again, work with your IT support personnel to discuss how to test restore capabilities.
  • Ensure that antivirus/antimalware is up to date and functioning. Antivirus may detect malicious attachments.
  • Ensure that you're keeping your system (and mobile devices) up to date with patches. If you're prompted by your computer or mobile device to accept updates, accept them at your earliest convenience.
  • Don't do day-to-day work using an administrator account. A successful ransomware attack will have the same permissions that you have when working. (If you're not using an account with administrator privileges, the initial attack may be foiled.)

What Do I Do If I Think I'm Infected?

  • Report the ransomware attack to your service desk immediately.
  • Isolate or shut down the infected computer. (If you're on Wi-Fi, turn off the Wi-Fi. If you're plugged into the network, unplug the computer. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.)
You have enough to worry about. #lockdownURlogin Lock Down Your Login
Source: STOP. THINK. CONNECT. lock down your login cat meme

Figure 1. Use this image to support your message

Social Posts

Note: These are Twitter-ready, meeting the 140-character length restriction.

  • Are you ready for a #ransomware attack? Back up your data today! #CyberAware
  • Don't wait until it's too late! Prepare for #ransomware attacks by backing up your data today. #CyberAware
  • What's the fastest growing cyberattack today? Read these @StaySafeOnline facts & tips about #ransomware: https://staysafeonline.org/resource/stop-think-connect-ransomware-facts-tips/ #CyberAware
  • Don't let your data be kidnapped! Protect your devices & personal info today. #Ransomware #CyberAware
  • The first & best line of defense is a good offense. Report #ransomware & phishy e-mails to your IT dept. #CyberAware

E-Mail Signature

Ask staff members to add a tip to their e-mail signature block and link to your institution's information security page.

Example:

Jane Doe

Information Security Office

XYZ College

Are you ready for ransomware? Make sure your data is backed up and you're able to restore it! Learn more. [Link "Learn more." to your institution's information security department page or the FBI's tips for dealing with the ransomware threat.]

Embed or Share Videos

What Is Ransomware and How Can I Protect Myself? (2:56 min)


What Is Ransomware, How it Works, and What You Can Do to Stay Protected (2:45 min)

Resources

Share these resources with end users or use them to inform your awareness strategy:


Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

© 2018 EDUCAUSE. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.