Protect yourself from ransomware

(iStockphoto)

October is National Cybersecurity Awareness Month, and Vanderbilt IT has launched its second annual campaign to make the Vanderbilt community aware of various security issues and how to respond to each through a series of blog posts.

New posts will be published Thursdays on the VUIT News Blog throughout the month of October.

This second post focuses on ransomware. Ransomware is a type of malware that uses various forms of encryption to prevent a user from accessing his or her system. To decrypt the system, the user must supply a key, and hackers and other malicious users demand a form of payment, or ransom, in exchange for that key.

Typically, ransomware is sent through several spoofed channels, and payments are usually requested in “Bit tokens,” making the assailant practically untraceable. By design, these threats leverage an encryption capability that is intended to be impossible to crack. Because of this, at times paying the ransom seems to be the only way to resolve the threat. However, maintaining offline backups of important data will empower users to ignore the threat of ransomware. Offline means that the backed-up files are neither immediately available nor connected to the system through USB or network connections. (Some ransomware has the ability to encrypt shared file systems or cloud-based file systems that are mounted to the system.)

A system can be exposed to ransomware through email, web browsing, advertisements and other forms of malware. Ransoms have ranged from $200 to reported cases of $10,000 or more.

Ransomware can be avoided by practicing the following safe browsing habits:

  • Never click on pop-ups.
  • Ensure OS and browser(s) are up to date and/or patched.
  • Maintain active, up-to-date firewall software.
  • Never respond to spam emails.
  • Only open known or expected email attachments.
  • Do not click on links in emails. Always copy and paste links into a browser.
  • Avoid using a personal email account to register for random or short-term services.
  • Avoid using peer-to-peer (P2P) network programs.
  • Use a reliable site adviser, such as McAfee SiteAdvisor, to help you avoid potentially malicious sites.

If a work machine is infected, please contact the VUIT Help Desk or your local support personnel.

If a personal machine is infected, follow the steps below:

  • Restart your computer and turn off all network access by unplugging the ethernet cable on a desktop or flipping the wireless switch to the “off” position on a laptop.
  • Boot into safe mode. Safe mode can enable an antivirus program to remove the infection.
  • Search online for the type of ransomware infecting your machine and the best ways to remove it. There may be programs available for older ransomware that can help decrypt files.
  • Reload the operating system if all important documents have been backed up. Some anti-malware programs can remove infections; however, viruses can hide in system files, making them invisible to these programs.

Please check the VUIT News Blog frequently to stay abreast of the tools you can use to protect yourself not only from ransomware, but other types of vulnerabilities as well. For more information about how ransomware works or how to protect yourself, contact VUIT Security Operations at vuit.security.operations@vanderbilt.edu.