Ransomware affects businesses, schools, hospitals, and yes, your personal computer. Cybercriminals use this type of malware to block access to a computer system and encrypt its files until a sum of money is paid, usually in bitcoin. Generally, there is a time limit on the ransom, and if the sum isn’t paid within that time, all files will be lost. Sometimes the cybercriminal offers a second option instead of payment: passing the infected link on to other computers in order to receive the decryption key free of charge.

A user receives an email or a link that contains an urgent message that could be from someone they work with or a bank account notification. That email contains an attachment — the ransomware! Once the ransomware is downloaded, it infects the computer and encrypts the data. Then, a message appears demanding a fee of hundreds or thousands of dollars for the decryption key, or in some cases, the option to forward on the infected link to others. If the fee is paid in time or the link is forwarded on, the cybercriminals claim the info will be restored…but there is no guarantee they will provide the decryption key.

Below are examples of a phishing email with encrypted Word documents that are infected with ransomware. The body of the message has the password for the document. Using encryption allows the attachment to bypass virus scanning mail filters. The body has text like that in one of the following messages:

Hello

You are going to be billed $ X,xxx.xx on your personal Visa card right away.

Go through attachment to avoid it.

Password to view the attachment is NNNN.

Best regards,

——————————-

You will be charged USD Y,yyy.yy on your Mastercard balance shortly.
Check out attachment to avoid it.
Password for the attachment is NNNN

[Both messages came with an attachment, an encrypted Microsoft Word Doc titled Scan_.doc]
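The pattern in the sample messages above (a Word attachment plus a body that hands out its password) can be checked at the mail gateway even when the scanner cannot open the file. The sketch below is an added example, not part of the original article; the function names, the regular expression and the stub attachment are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of the OLE container used by .doc
WORD_EXT = (".doc", ".docx", ".docm")
# Matches phrases such as "Password to view the attachment is 1234"
# within one sentence (assumed wording, modelled on the samples above).
PASSWORD_RE = re.compile(
    r"\bpass(?:word|code)\b[^.\n]{0,40}?\b(?:attachment|document|file)\b"
    r"[^.\n]{0,20}?\bis\b\s*\S+", re.IGNORECASE)

def word_attachments(msg):
    """Return filenames of attachments that look like Word documents."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(WORD_EXT) or data.startswith(OLE_MAGIC):
            hits.append(name)
    return hits

def body_text(msg):
    """Return the plain-text (or HTML) body, or an empty string."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part else ""

def is_suspicious(msg):
    """True when the body gives a password for an attached Word document."""
    return bool(word_attachments(msg)) and bool(PASSWORD_RE.search(body_text(msg)))

def build_sample(body, attach=True):
    """Constructed test message; the attachment is a stub, not a real document."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content(body)
    if attach:
        msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                           subtype="msword", filename="Scan_.doc")
    return msg

if __name__ == "__main__":
    lure = build_sample("Check out attachment to avoid it.\n"
                        "Password for the attachment is 4821\n")
    print("quarantine" if is_suspicious(lure) else "deliver")
```

A hit is a reason to quarantine the message for review rather than proof of infection, since legitimate senders occasionally share protected documents the same way.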

The most common methods cybercriminals use to deliver ransomware include spam email campaigns, security exploits in vulnerable software, and SMS messages. Also, antivirus software is not always able to detect the ransomware. Therefore, stay smart about questionable material and Think B4 U Click!

Backups are your best defense

The only way to ensure your files are secure in this situation is to be sure your information is backed up. If it is, you can ignore the cybercriminal’s ransomware demands. Your files can be recovered. Contact your departmental IT staff or the IT Support Center if you need assistance restoring your system and recovering your files.

The University has negotiated a 25% discount on Code42’s CrashPlan for Home product for anyone with an @udel.edu email address. For the most up-to-date information on this offering, go to the “Buy Personal” page at the UD Computing Purchases website. Scroll down the “Buy Personal” page to the information about CrashPlan for Home.

If you are a victim of ransomware and your files are not backed up, contact the University IT Support Center via the help request form, call them at 301-831-6000, or email them at consult@udel.edu.

To learn more about ransomware, take a look at our past articles on the topic: