
Ransomware

Ransomware is a type of malware that infects systems and locks the system or encrypts files located on the system or on connected network shares. The users are often extorted for money via an on-screen alert. The notification typically states that the user's system has been locked or the files encrypted and that they must pay a specific dollar amount, frequently ranging from $200-$400, via a virtual currency for access to be restored.

Widely known variants of ransomware:
Xorist, CryptorBit, Locky, Cerber, Cryptolocker, and SamSam (a.k.a. MSIL/Samas.A).

How is ransomware installed?
Earlier versions of ransomware, such as CryptoLocker, were dependent on a user opening malicious attachments from phishing emails and would sniff out and encrypt specific file types on the user's system.

Current versions can infect systems via drive-by downloading, through social media (such as Web-based instant messaging applications), or from exploits being uploaded via vulnerable Web servers. 

Impact
Ransomware can find and encrypt files located on local drives and attached drives, such as USB drives, shared network drives, external hard drives, network file shares, and even some cloud storage drives. Not only can this affect the files of the user, but it could affect the files of an entire department if the files on a shared network resource are encrypted.

Prevention
US-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:

  • Conduct routine backups of important files, keeping the backups stored offline. In particular, regularly back up critical data and test the backups.
  • Maintain up-to-date anti-virus software and scan all software downloaded from the internet prior to executing.
  • Keep your operating system and software up-to-date with the latest patches.
  • Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Use caution when opening email attachments. For more information on safely handling email attachments, read Recognizing and Avoiding Email Scams (pdf), and refer to the Security Tip Using Caution with Email Attachments.
  • Follow safe practices when browsing the web. For further reading on Safe Browsing habits, see Good Security Habits and Safeguarding Your Data.
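The first measure above only pays off if the backup can actually be restored intact, which is what "test the backups" means in practice. The following script is an added example (it is not part of this page or of any US-CERT material) showing one way to do that: record a SHA-256 manifest of the files at backup time, then compare a restored copy against it and report files that were modified (for example, overwritten with encrypted data), missing, or unexpected (such as a dropped ransom note). The directory layout, file names and contents in demo() are constructed for illustration only.

```python
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large files do not load into memory


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root, POSIX form) to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored directory tree against the manifest taken at backup time.

    Returns three sorted lists: files whose contents changed, files that are gone,
    and files present in the restore that were never backed up.
    """
    current = build_manifest(restored)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def restore_is_clean(result: dict) -> bool:
    """True only when the restore matches the manifest exactly."""
    return not (result["modified"] or result["missing"] or result["unexpected"])


def demo() -> dict:
    """Constructed scenario (hypothetical data): back up two files, then check a
    restore in which one file was overwritten with garbage, one is missing, and a
    note that was never backed up has appeared."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.docx").write_bytes(b"quarterly report contents")
        (src / "budget.xlsx").write_bytes(b"budget spreadsheet contents")

        # Manifest is written at backup time and should be kept with the offline backup.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(src), indent=2))

        # Simulated restore: q1.docx altered, budget.xlsx absent, an extra file present.
        restored = Path(tmp) / "restored"
        (restored / "reports").mkdir(parents=True)
        (restored / "reports" / "q1.docx").write_bytes(b"constructed garbled bytes")
        (restored / "README_DECRYPT.txt").write_bytes(b"constructed ransom note text")

        stored = json.loads(manifest_path.read_text())
        return verify_restore(stored, restored)


if __name__ == "__main__":
    result = demo()
    print(json.dumps(result, indent=2))
    print("restore clean:", restore_is_clean(result))
```

In real use, run build_manifest against the source tree when the backup is taken and store the JSON alongside the offline copy; after a test restore, run verify_restore on the restored tree and treat any non-empty list as a failed test. Because the manifest is hashed content rather than timestamps, a file that ransomware encrypted in place shows up as "modified" even if its name and size are unchanged.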

What to do if you are infected
Turn off your computer and disconnect it from the network.
Contact IT Service Desk.