Ransomware Infections

Overview

Ransomware is a type of malware that prevents or limits users from accessing their system and/or data by encrypting it. It then forces its victims to pay a ransom in order to obtain the correct keys necessary to decrypt these files. 

Effective recovery utilities are rare, due to encryption methods used by the ransomware.  At best, a backup copy may be restored. At worst, ransomware variants can unknowingly damage the backed up copies beyond our backup retention.

Tips for Avoiding Ransomware 

• Be suspicious of all attachments, even from known contacts. If you didn’t expect an attachment, proceed with extreme caution. 
  • One common infection method is an email with a ZIP attachment or a malicious web link. For example, you receive an email with an invoice attached as invoice.zip. The ZIP attachment contains a seemingly harmless file (invoice.pdf, for example) but opening that file triggers a ransomware infection.
• Do not click links in email unless sure it is a safe and expected site. Some propagators of ransomware have started sending bogus hyperlinks instead of attachments. Hover your mouse over hyperlinks to reveal the address and compare that address with the link in the email to confirm they match.
• Backup data on your computer often. Store this backup in a separate, secure location offline or online. 

How to Report an IT Security Incident

• Web - Report an incident by using the IT security incident form.
• Phone - Report an incident by calling the IT service desk @ 612.343.4170
• In person - IT Service Desk, Miller Hall