What is Ransomware and how does it work?

Ransomware is a form of malware that encrypts or locks files, or locks a user out of their computer. The files cannot be decrypted or unlocked, and the computer cannot be unlocked, without the “mathematical key” or password provided by the attacker. The key or password is only made available once a “ransom” has been paid to the criminal(s) who installed the ransomware.

There are a number of ways (vectors) ransomware is delivered. The most common method is via links or attachments in phishing emails. This is made easier for the attacker if the “owner” of the computer has administrative privileges. The more aggressive forms of ransomware exploit security holes (vulnerabilities) in operating systems or software to infect computers.

Once installed, the ransomware encrypts or locks all files on the infected computer and on anything attached to it (by cable or network), whether storage facilities (Barney, OneDrive etc.) or devices (portable hard drives, USB sticks etc.).

What can you do to prevent it?

  • Don't open attachments or click on links in emails:
    • from unknown sources; or
    • if the source is known but you’re not expecting an email with (or without) an attachment or link or it’s out of context; or
    • if it just doesn’t look right. If you’re not sure, contact the IT Service Desk for help.
  • Delete any such email and empty your deleted emails folder.
  • Don’t use random USB sticks.
  • Don’t download software from untrustworthy websites.
  • Make sure your computer software and operating system are up to date by installing patches and updates straight away. (While computers connecting to the UNE domain are automatically updated, you still need to ensure the updates have installed successfully.)
  • Ensure your antivirus is running and up to date.

What else can you do?

  • Don’t have administrative privileges enabled on your computer, or request them, unless you actually need them. Administrative privileges should only be enabled on an as-required basis. If you really need to download approved software, the IT Service Desk can enable administrative privileges for that purpose and then disable them again.
  • Don’t store official UNE records on your computer.
  • Regularly back up any other data.
  • If you use backup devices such as portable hard drives, make sure they aren’t connected to your computer unless data is actually being backed up, and run the backup while offline.

What do you do if your files are encrypted or locked?

  • Disconnect your computer from the network immediately (both cable and wireless) and call the IT Service Desk for help on ext 5000.
  • Don’t pay the ransom. Ransom payments don’t guarantee the recovery of your data and could encourage the attacker to make further (and larger) demands. Paying the ransom keeps criminals in business!