What is Ransomware?
Ransomware can take different forms, but in essence it denies access to a device or files until a ransom has been paid, usually in the form of Bitcoins. Bitcoin is a form of cryptocurrency that has no physical representation and can be transferred anywhere in the world via the internet, which makes it an ideal form of payment for illicit activities.
How do you get infected?
You can get infected by:
Email
Opening an email attachment disguised as an innocuous file.
Drive-by download
Visiting a compromised website with an old browser or software plug-in, or an unpatched third-party app.
Free software
Downloading free versions of software.
What are the symptoms?
• You suddenly cannot open normal files and get errors such as the file is corrupted or has the wrong extension.
• An alarming message has been set as your desktop background with instructions on how to pay to unlock your files.
• The program warns you that there is a countdown until the ransom increases or you will not be able to decrypt your files.
• A window has opened to a ransomware program and you cannot close it.
• You see files in all directories with names such as HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML.
What should I do if my PC has been infected?
- Do not follow any of the advice on your computer screen
- DO NOT PAY THE RANSOM
- Do not plug in any USB storage device in an attempt to recover backed up data
- Disconnect your computer from the power supply immediately
- You must report the incident to IT Services at itav@sgul.ac.uk
How can I protect myself from ransomware attacks?
To protect yourself, follow this advice:
- Be very suspicious of unsolicited emails, especially those that ask you to open an attachment. Ransomware emails have attachments which they will encourage you to open. The types of attachments seen to date have been .zip, .rar, .wav, .tar, .tsg, but you should be vigilant about all zipped attachments. You should only open a zipped attachment if you are expecting one from a known source and you are satisfied that the email is genuine.
- If in doubt, verify the authenticity of the message before proceeding
- If you open an attachment and have second thoughts, stop immediately
- It is vital that you have the means to recover data that might be lost through ransomware or another cause. St George's strongly recommends that you back up your data to the network drives.
- If there is not enough space on your network drives, contact itav@sgul.ac.uk to increase your quota.