Home / Content / Ransomware: The Newest Threat

Ransomware: The Newest Threat

What is Ransomware?

Ransomware is a type of malware aimed at holding something hostage until the user pays a ransom fee to the attackers. Typically it comes in the form of a drive-by-download (malicious downloads hidden in ads or other site content users may be unaware of) or malicious email with a link or attachment. The malware will install on the user's system, silently encrypt files and documents (including accessible network shares), effectively preventing the user accessing the system or its files. It also attempts to destroy and stop data backups. Once completed, the malware shows the user a ransom note, with instructions on how to pay the ransom (usually between $300 and $600 USD), and obtain the key needed to decrypt and regain the files.

How can I protect myself ?

Incidents of ransomware have grown globally. Most malware is removed by security tools before it can infect our campus, however the open nature of our academic environment makes it impossible to protect against all possible vulnerabilities.

The following tips can help protect you against ransomware and other malware:

  • Email:

Question every link that you receive in an email. Does a quick hover over any hyperlink usally show the link. Ask yourself if that is the link you were expecting? (see figure A.)

Figure A

Links in email messages are frequently used to lure you to fake web sites. If the email appears to be from a familiar service (for example: IRS or FedEx) try going directly to their web site yourself, instead of following the link.

Attachments to email messages may be malicious. Don't open attachments from strangers. If the attachment comes from a friend or co-worker, but seems unusual or unexpected, confirm with them before opening it.

The ASU Information Security Office often publishes alerts and announcements, along with security tips here.

Remember to hover, check, or navigate on your own.

  • Warnings or unfamiliar behavior:

If you see an unusual warning on your computer screen, or it is doing something else abnormal, stop and see if you can make sense of it before proceeding. If you're not sure, ask for technical help to check it before you click anything.

  • Check your privilege

Are you running as an Admin on your system? Using an account on a local machine with elevated privileges means if your account becomes compromised the attacker also has those same privileges. Use the principle of least privilage on your account and use "run as administrator", only when needed -- when you're planning to install software or make system changes. See our article on migrating to a non-privileged user account here

  • Patching / System updates

Apply updates promptly -- not just your operating system (Windows, Apple, Linux,etc.) but all your other software too. If your software doesn't remind you to update, you may have to check for updates yourself on a regular schedule. Examples:

    • Office software
    • Adobe products (Flash, Creative Cloud, Reader)
    • Browsers (Firefox, Chrome, Safari, Internet Explorer)
    • Anti-Virus (Forefront, Essentials, ClamXav)

Some software will prompt you to update upon starting the application. Be prompt in your updates, and you may find yourself guarded against a sudden discovered vulnerability in an older system.

  • Know your Alphabet

If you connect to network drives frequently, examine how often you actually access the drives. Having an active connection to a network share that doesn’t need to be connected can endanger the information on that network drive should your system become infected.

  • Backups are critical

Are your files backed up regularly? If a hacker got control of your computer, could they delete your files AND your backups too? Ensure you backup on a regular schedule: the frequency of the backups are up to you and how comfortable you are with the time between backups. Also ensure you store the backups on a seperate storage device to protect it should the host machine become infected.

  • Limit Access

Don't ask for permissions to things you don't need and drop permissions you don't need any more. Don't give others more permissions than they need. For example if someone only needs to read a document, don't give "edit" or "write" permission.

  • Shut it off until you need it

Many web sites have "active content" -- such as videos and other media players. These go by names like Flash, Silverlight, ActiveX, Java, JavaScript... on trusted sites they may be OK, but if you accidentally visit a malicious site it may attack your computer. So set your web browser (through menus or add-ons) to deny active content by default. Then, when you need some active content for ASU-related activities, you can turn it on for just that session on trusted site.

  • Separate work and home

ASU equipment should be used for ASU related duties. Use your own devices for entertainment and other non work activities.

  • Consider using some of the below free products to protect yourself.
    • Bitdefender Anti-Ransomwareis a free security tool that offers next-gen protection against the CTB-Locker, Locky, Petya, and TeslaCrypt ransomware families by keeping your files safe from encryption in a simple and non-intrusive way. More information and an download link can be found here.

    •  Cryptostalker : is free open source anti-ransomware software developed to help detect ransomware on systems to incldue linux OS. More information and an download link can be found here.

    • RansomFreeis a free ransomware protection software, created by Cybereason. RansomFree detects and stops ransomware from encrypting files on computers and servers. More information and an download link can be found here.

If you fall victim to ransomware: Stop! Drop! Call!

Stop: Stop what you are doing immediately. Don't try to explore, fix, clean, etc.

Drop: Drop your network connections right away. Unplug your network cable if you have one. Disconnect from wireless networks and/or turn off any wireless adapters. The malicious software may be actively trying to reach out to other systems on the network, so you want to stop it in its tracks.

Call: the ASU help desk (1-855-278-5080) promptly and make sure they understand the urgency of the ransom threat.

Feel free to contact infosec@asu.edu for any additional questions or help regarding IT security on campus.