Definition Wednesday: What is Ransomware?

Ransomware is malware that gets installed on a user’s computer using a social engineering attack where the user gets tricked into clicking a link or opening an attachment. Once the malware is on the machine, it starts to encrypt all data files it can find on the computer itself and on any network shares the computer has access to.

Next, when a user tries to access one of these files, they are blocked, told that the files are being held for ransom, and shown how to pay the ransom to decrypt them. Current strains of ransomware are Petya, CryptoLocker, CryptoWall and CryptorBit. CryptoWall has generated over 300 million dollars in criminal revenues.

Once these files are encrypted, the only way to get them back is to restore a recent backup or pay the ransom.

The criminals usually demand about $500 if paid within the first deadline; when the first deadline expires, the ransom doubles. They require payment in untraceable crypto-currencies like Bitcoin. Bitcoin is a new kind of money (call it a digital currency). The actual amount demanded may fluctuate.

Ransomware has proven itself to be a successful criminal business model, so many more ransomware strains are expected to be developed in the near future.

Ransomware on the Auburn Campus

Auburn University utilizes multiple tools to block these types of threats from being executed; however, they can and do still occur. In the last month, there have been at least two incidents of ransomware that encrypted desktop computers on the Auburn Network and then demanded payment. Fortunately, in both cases the incidents were isolated before they spread across the network.

Ransomware Prevention

The best way to prevent a ransomware infection is to not rely on just one solution, but to use multiple, layered solutions for the best possible protection.

Safe Email Practices
Two simple safe email practices can save you a lot of headache.

  • Do NOT open unsolicited attachments. Ransomware is known to come in zip files, Microsoft Office documents (Word and Excel), and JavaScript files. Be cautious even when opening an attachment from someone you know.
  • Do NOT click links within emails. Instead, type in the URL of the website you need to visit.

Backup Solutions
In the event of a catastrophe such as a malware attack, ransomware or complete system failure, it’s essential to have your data backed up. Many have been able to quickly and fully recover from a ransomware attack because their data was backed up and safe. We recommend using an online storage service and an external hard drive at the same time as the best possible backup solution.

AntiVirus and AntiMalware Software
While antivirus is highly recommended, you should have multiple layers of protection in place. It is not wise to rely solely on antivirus software to keep your PC secure, as it cannot prevent infections from zero-day or newly emerging threats. Most antimalware software, like Malwarebytes, is designed to run alongside antivirus products, and it’s recommended you have both in place.

Computer Configuration and Maintenance
Here are a few suggestions to limit your computer's exposure to these risks:

  • Patch your operating system and keep your browsers (Chrome, Firefox, Edge, Internet Explorer) updated.
  • Do not stay logged in as an administrator any longer than necessary. Avoid browsing, opening documents, or other regular work activities while logged in as an administrator.
  • Do not enable macros (e.g. in Microsoft products) in document attachments. Instruction on how to disable macros.

How To Stay Protected Against Ransomware by Sophos

If you fear you opened a bad attachment or notice odd activity on your computer, contact your IT Provider or the OIT HelpDesk.

Last Updated: August 23, 2016