What is ransomware?
Ransomware is a type of malware and an increasingly common and highly destructive cyber threat. Once a single system or device is infected, ransomware spreads quickly to other connected systems and mounted devices. Ransomware is used to target individuals, corporations, universities, hospitals, utility companies, cities and nation-states. Ransomware encrypts data and locks systems and devices, denying access and withholding the decryption key until a ransom is paid, usually in Bitcoin. Payment of a ransom does not guarantee receipt of the decryption key.
How does a ransomware infection occur?
The most common method of ransomware infection is clicking a malicious link or attachment in a phishing message, or enabling a macro contained in an attachment that you open.
Are phishing and ransomware just email-based threats?
No. Although ransomware infections commonly occur via phishing emails, they can also occur via text messages, social media updates and connection requests, and any electronically shared attachments or short links. Ransomware may also be present in clickable elements on malicious websites, in “free downloads”, and in clickable elements in web pop-ups.
How serious is the ransomware threat in Higher Education?
Data scientists have reported that Higher Education has the highest rate of ransomware across all industries.
What is the best way to recover from a ransomware infection?
The best way to recover from a ransomware infection is to wipe your device and restore data from a trusted backup. You should regularly back up your data, and make sure you have an offline backup that you periodically test.
What can I do to prevent ransomware infections on my devices?
- Do not click on links, open attachments or enable macros in unexpected messages without confirming the legitimacy of the message received.
- Seek confirmation using a trusted form of communication, such as a publicly available phone number from a trusted website.
- Be wary of “free” downloads from unknown/untrusted sources, and social media connection requests and shared attachments/links from people you don’t know.
- Use antivirus/malware protection software on your devices, and make sure to perform updates regularly. This software will protect you from all known vulnerabilities.
- Regularly update systems, software, browsers and browser plug-ins.
What should I do if I know or suspect that I have a ransomware infection?
- If you see a ransom message displayed on your device, or if you see file extensions beginning to change, immediately disconnect your device from the network and from all connected systems and mounted devices, and power off your device. Next, for assistance, send an email with the subject line “URGENT Ransomware” to GOIS (security@nyu.edu), the NYU IT Service Desk (AskIT@nyu.edu), your supervisor, your local IT admin, and your help desk (if you have one).
- Do not attempt to reply to or forward the known or suspected phishing message to anyone other than security@nyu.edu.
Thank you for your partnership in keeping NYU secure!