What is Ransomware?
According to the FBI, “Ransomware is a type of malicious software cyber actors use to deny access to systems or data.” Typically, the malicious actor will hold the system or data hostage via encryption using a private key that only they know. The only way for the victim to regain access to their system or data is to pay the ransom fee to the malicious actor. If the ransom is not paid, the data will remain unavailable or be deleted by the malicious actor or the ransomware itself. In addition, ransomware may spread to storage drives and other systems present on the network.
How Does Ransomware Get Installed on a System?
Ransomware can be installed on a system through the following means:
- According to Symantec, “Ransomware is predominantly found on suspicious websites, and arrives either via a “drive-by download”, stealth download or through a user clicking on an infected advert. Some distribution via email has also been seen.”
- Remote installation via a software vulnerability.
- Opening or clicking on a malicious attachment or link found in an email.
Below is an example of CryptoLocker, a common ransomware variant.
How Do I Protect Myself?
Prevention is one of the best methods to defend against ransomware. Below are several steps you can take to prevent ransomware from being installed on your system:
- Ensure proper anti-virus and anti-malware software is installed on your machine and that it is updated regularly. Please note, Fordham offers free antivirus software to students and faculty here.
- Ensure your Operating System and programs have received the most current updates. Attackers can easily exploit vulnerabilities in out-of-date software.
- Regularly backup your computer and important files. This allows you to have a recovery option in place so your data is not lost forever. If using portable media, make sure the device is removed once the backup is complete.
- Do not click on or open any suspicious links, pop-ups, or attachments. If you come across questionable or suspicious emails or websites, contact IT Customer Care immediately and allow the University Information Security Office (UISO) to validate the respective content.
Paying a Ransomware Fee
As per the FBI:
“We do not encourage paying a ransom. We understand that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. As you contemplate this choice, consider the following risks:
- Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom.
- Some victims who paid the demand have reported being targeted again by cyber actors.
- After paying the originally demanded ransom, some victims have been asked to pay more to get the promised decryption key.
- Paying could inadvertently encourage this criminal business model.”
Useful Links
The FBI provides a more in-depth description of what ransomware is and what can be done to avoid becoming a victim.
The SANS Institute newsletter provides further information on ransomware and steps that can be taken to protect against it.
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201608_en.pdf