The Download: Feature Articles
Ransomware Scams: What They Are, How to Avoid Them
By Leila Sharma | September 29, 2022
Don’t Let Them Lock You Out of Your Own Computer
Ransomware is an increasingly common and highly destructive type of malware that often tricks users into installing it on their devices. Once installed, it can spread to connected systems, quickly compromising devices, systems and networks. Overall, attacks are on the rise and ransomware groups are deploying increasingly sophisticated malware. How prevalent is ransomware in Higher Ed? For 2021, Sophos reported 38 publicized attacks in higher education, with an average cost of 1.42 million per attack. The 2022 Verizon DBIR (Data Breach Investigations Report) notes a 30% increase in ransomware attacks in Higher Ed over the past year.
Ransomware is frequently spread through malicious email links and attachments; simply clicking on these elements can lead to a ransomware installation on your device. There is also zero-click ransomware (requiring no user interaction) that infects your device by exploiting vulnerabilities in unpatched software. Once your files have been encrypted, a ransom demand appears onscreen seeking payment, often in bitcoin, to unlock the files and restore the encrypted content. Paying the ransom does not guarantee that you will receive a decryption key or recover a complete set of uncorrupted files, nor does it guarantee that individuals and organizations will not be targeted a second time with “double extortion,” an emerging trend in which ransomware operators seek not only payment for a decryption key but also a second payment to not exfiltrate or steal the data they’ve encrypted.
In addition to malicious links, attachments, and software vulnerabilities, ransomware can also spread when a user enables macros in an attachment, and through malicious web pop-ups, websites, adware, downloads, updates, and links in social media platforms and text messages. The perpetrators may be individuals, groups, or nation-state-sponsored actors with geopolitical goals. Beyond a ransom payment for a decryption key, they may be seeking to inflict reputational damage; to steal intellectual property, PII (Personally Identifiable Information), or HIPAA data; or to corrupt data, cripple critical infrastructure, or disrupt business functionality.
NYU IT helps to protect you and NYU from ransomware and malware, but you’re an important partner in this process. What is the best way for you to protect yourself and NYU from ransomware? The answer is twofold:
Prevention is ideal, and quick action if infected is a must.
- Back Up Your Data. Maintain an offline backup of your devices and systems, and regularly test the restoration process.
- Update Early and Often. Patch devices and systems as soon as updates become available; updates address known security vulnerabilities.
- Use anti-malware software to protect against known threats. NYU offers community members free anti-malware software for use on personal devices.
- Think Before You Click. Do not click on embedded links or attachments you were not expecting to receive.
- If a communication appears to come from a familiar person or organization but sounds uncharacteristic, or is delivered on an unexpected platform (e.g., a message from a higher-up that arrives over social media rather than your work email), apply caution before taking the requested action and contact the sender using a trusted phone number to confirm.
- Remember, a seemingly safe link, like a social media connection request, may be malicious and have a negative consequence when you click it, or take you to a spoofed website where you’ll be prompted to take an action that’s not in your best interest.
- Stay Security Aware. Check out NYU Cybersecurity Awareness Training and NYU’s Safe Computing website.
What to do if infected:
- Disconnect from Networks, Connected Systems and External Devices. If you notice your file extensions beginning to change, or if a ransom message is displayed on the screen of your device, immediately disconnect from the network, from all connected systems (e.g., NYU Box, Google Drive), and from external devices, but do not power off your device.
- Report the Incident. Next, to report the incident and get assistance, send an email ASAP to GOIS (firstname.lastname@example.org), the NYU IT Service Desk (AskIT@nyu.edu), your supervisor, and your local IT admin and help desk (if you have one), with the subject line “URGENT Ransomware”.
- Follow Best Practices for Message Handling. Do not reply to, or forward, a known or suspected malicious email or message to anyone other than email@example.com. When you send it to security, include the message headers. To forward an email with its headers:
- From the Gmail menu of the message (the three vertical dots at the top right of your screen), select Show original => Copy to clipboard. Then return to the message you are composing, place your cursor in the email body, and select Edit => Paste, or press Command + V (on a Mac) or Ctrl + V (on a PC) to paste.