Ransomware

WHAT IS IT?

Ransomware is malicious software that infects a computer and then restricts a user's access to their documents until a financial ransom is paid. There are many types of ransomware, but most begin with a phishing email attempting to trick you into downloading or installing the ransomware or seeking your credentials so it can do so itself. Some ransomware attacks begin with a phone call from someone posing as tech support claiming that they detected a problem with your computer and need you to install software to help repair it. Once the ransomware is installed on the victim's computer, it starts encrypting your files. More recently, some ransomware criminals have employed what is called a ‘double extortion' in which along with encrypting your data, they also steal confidential files and threaten to make them public if you don't pay the ransom.

We have seen ransoms anywhere from a few hundred dollars to a few million dollars, depending on the type of information that is being held or how many computers are infected.

Educational institutions have reported cases where faculty and researchers had to resort to back up files for terabytes of data because their computers were infected with ransomware, and in a few instances paid ransoms of half a million dollars or more to regain access to proprietary research data.

HOW DO I DEFEND MYSELF?

The sensitivity and interconnectedness of information found at the Green River College makes it an attractive target. Student and employee data are parts of the every-day operations at the college. Protecting that data and information is our shared responsibility.

To begin with, learn how to spot and report Phishing. Many ransomware attacks begin when someone clicks on a phishing message, and either accidentally gives their credentials to the criminals or is tricked into installing the software.

Next, follow basic steps to protect your computer and your data. Some ransomware exploits vulnerabilities in your computer operating system (Windows or Mac), or applications on your computer, to install itself. Installing patches and updates is crucial to get the latest security fixes. Lastly, be sure to have backups of both your computer and your data, so that should the worst happen, you can recover without resorting to paying a ransom to cyber criminals.

See the “Protect My Computer” <add link> page for more information on how to patch and backup.

WHAT IF I THINK I HAVE A RANSOMWARE INFECTION?

At the first sign of a ransomware infection, turn off - or even quickly unplug - your computer. You might be able to catch it soon enough before many files are encrypted and prevent further damage.

Alert your local IT Support for a personal device or the GRC IT Helpdesk for a GRC device. For ransomware instances involving GRC devices, the GRC IT Helpdesk will engage the GRC EOC Security Incident Response Team and can get law enforcement involved if needed.

The FBI does not encourage paying a ransom to criminal actors. According to the 2020 IC3 Annual Report, “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim's files will be recovered.”

 More information