Malware - Ransomware

Ransomware is a serious threat to the integrity of our organization’s data, and targeted attacks have increased 300% since 2015. (source: FBI)

Ransomware is malicious software for PC or Mac that cyber actors use to deny access to systems or data until a ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.

Ransomware infects PC or Mac systems through phishing emails, unpatched programs, compromised websites, online advertising and free software downloads.

Ransomware uses RSA 2048 encryption, which would take an average desktop computer 5.4 quadrillion years to crack. (source: Ransomware Hostage Rescue Manual, Adam Alessandrini.)

Ransomware demands payment in the form of bitcoins (BTC), which are an anonymous form of payment exchange and are untraceable. Bitcoins are used for legitimate purposes; however, they have also made an increase in ransomware payment possible. There is no guarantee that you will be able to decrypt your files after you pay, and there have been cases where payment was given and no key to decrypt the data was received.

Symptoms

  • You cannot open your files and the files have an abnormal extension (e.g., .locky).
  • You receive an alarming message with instructions on how to pay to unlock your files.
  • The ransomware program threatens you with a countdown until the ransom increases or you will not be able to decrypt your files.
  • The ransomware program window cannot be closed.
  • You have files named ‘HOW TO DECRYPT FILES.TXT’ or ‘DECRYPT_INSTRUCTIONS.HTML’.

Response

  1. Disconnect everything (turn off Wi-Fi and Bluetooth, unplug from the network)
  2. Determine scope of infection (check USB storage devices, mapped network drives, cloud-based storage)
  3. Determine ransomware strain
  4. Remove ransomware from your infected system
  5. Restore from a recent backup
  6. Try to decrypt your files using a 3rd party decryptor (very unlikely you will succeed)
  7. Do nothing (lose access to your data)
  8. Pay the ransom (no guarantee you will be able to decrypt your data)
  9. Protect yourself in the future
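
The following script is an added example, not part of the original page. It supports step 2 by walking each storage location (local folder, USB device, mapped drive) and listing the directories that show the file symptoms named above. The function names and the constructed sample tree are illustrative assumptions; the script only reads file names and changes nothing.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Indicators from the Symptoms list; extend per strain. Assumption: names are
# compared case-insensitively because casing varies between strains.
RANSOM_NOTE_NAMES = {"how to decrypt files.txt", "decrypt_instructions.html"}
SUSPICIOUS_EXTENSIONS = {".locky"}


def scan_for_indicators(root):
    """Walk root; return {directory: {"notes": [...], "encrypted": [...]}}."""
    findings = defaultdict(lambda: {"notes": [], "encrypted": []})
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            lowered = name.lower()
            if lowered in RANSOM_NOTE_NAMES:
                findings[dirpath]["notes"].append(name)
            elif Path(lowered).suffix in SUSPICIOUS_EXTENSIONS:
                findings[dirpath]["encrypted"].append(name)
    return dict(findings)


def summarize_scope(roots):
    """Scan every root and report which locations are affected."""
    report = {}
    for root in roots:
        hits = scan_for_indicators(root)
        report[root] = {
            "affected_dirs": sorted(hits),
            "note_count": sum(len(h["notes"]) for h in hits.values()),
            "encrypted_count": sum(len(h["encrypted"]) for h in hits.values()),
        }
    return report


def build_sample_tree():
    """Constructed sample data: one clean folder, one showing both symptoms."""
    base = Path(tempfile.mkdtemp(prefix="scope_demo_"))
    (base / "clean").mkdir()
    (base / "clean" / "notes.docx").write_text("ok")
    (base / "share" / "finance").mkdir(parents=True)
    (base / "share" / "finance" / "budget.xlsx.locky").write_text("x")
    (base / "share" / "finance" / "DECRYPT_INSTRUCTIONS.HTML").write_text("x")
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    roots = [str(sample / "clean"), str(sample / "share")]
    for root, info in summarize_scope(roots).items():
        print(root, info)
```
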

How to protect yourself

  • Use anti-virus/malware software
  • Keep all your software patched, including third party plug-ins used for websites
  • Enable your system’s firewall
  • Do not download free or unsigned (untrusted) software
  • Do not open attachments or visit links in emails unless you explicitly requested them; visit the website yourself
  • Do not respond to phishing emails, which pretend to be legitimate sources and will either send you to another website to gather your information or infect your system
  • Back up your data often so you can recover your files

Other Information on Ransomware:

  • US-CERT Alert: Ransomware and Recent Variants (https://www.us-cert.gov/ncas/alerts/TA16-091A)
  • CSO Online: How to Prepare for and Prevent Ransomware Attacks (http://www.csoonline.com/article/3088066/backup-recovery/how-to-prepare-for-and-prevent-ransomware-attacks.html)
  • Ransomware Hostage Rescue Manual (http://resources.idgenterprise.com/original/AST-0148364_Ransomware-Hostage-Rescue-Manual.pdf)
  • CSO Online: Tricks that Ransomware Uses to Fool You
  • University pays $16,000 to recover crucial data held hostage (http://arstechnica.com/security/2016/06/university-pays-almost-16000-to-recover-crucial-data-held-hostage/)

L&C Information Security Awareness:

https://www.lclark.edu/information_technology/security/awareness/
