Ransomware Quick Tips

As ransomware attacks continue to make headlines, ITS wants to remind Pioneers of how to protect themselves and the University from cyber attacks.

What is ransomware? 

Ransomware is a type of malware (malicious software) that encrypts or blocks access to an individual’s or organization’s network, computer system, files or data. Victims are left unable to access or retrieve what has been encrypted unless a ransom is paid to the attacker. 

Why is it important to know about this?

Ransomware can affect any individual or organization, but colleges and universities have become targets due to the types of data collected and stored (such as student records, financial records and health data). According to EDUCAUSE, “education is the most affected sector for malware attacks when compared to other industries like business and professional services, retail and consumer goods, and high tech.” (see The Increasing Threat of Ransomware in Higher Education)

How is it delivered?

Malware needs to be installed on the host system before data is encrypted and a ransom is demanded. Here are some specific techniques commonly used for initial access to the system:

1. Phishing/spear phishing—Attackers send infected attachments to download or a link to click.
2. Exploitation—Vulnerable applications and operating systems leave exploitable entry points for attackers.
3. Drive-by downloads—Occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
4. Removable media (like a USB drive)—Infected media containing malicious software, typically found or gifted, is downloaded by unsuspecting users.
5. Valid account—An attacker has a legitimate password and uses the valid credentials to authenticate into the target account or system.

What can I do?

1. Back up your data—If you have a backup of your data, you can simply restore it if faced with ransomware. This is the best recovery option.
1. Cloud storage provided by TWU (Google Drive and Office 365) are automatically backed up.
2. X Drive network storage is backed up often by TWU IT Solutions.
3. Regularly back up your data on an encrypted drive with a minimum 128-bit encryption algorithm (how to encrypt a drive using BitLocker).
2. Practice data minimization—This principle involves limiting the collection of data to only what you need to fulfill a certain purpose. Only access, process and store the necessary data you need and then properly destroy data when appropriate.
3. Always think twice before clicking on links or opening email attachments, even if they look like they're from someone you know.
4. Keep your operating system, software, and mobile apps up-to-date with the latest patches and maintain current anti-virus software.
5. Visit secure and trusted websites and do not click on advertisements.
6. Any lost USB drives you may find (like in a parking lot or local coffee shop) or USB drives you're given at public events (like conferences) could very easily be infected with malware. Never use such devices for work—use only authorized devices.
7. Update default username and passwords for all accounts and systems, including home Wi-Fi Access Points. Use unique, long passwords/passphrases for each account.

How do I report ransomware?

Ransomware is a crime, and the Federal Bureau of Investigation (FBI) discourages paying cyber criminals the ransom they desire. There is no guarantee that the data will be restored once a ransom is paid and it incentivizes criminal behavior. If you are a victim of ransomware and believe University data is at risk, follow these steps:

• Contact the TWU Service Desk to report the incident.
• File a report with the FBI’s Internet Crime Complaint Center (IC3)—the TWU Information Security team can assist.

Page last updated 9:43 AM, July 9, 2021