What Is Ransomware?

Ransomware is a form of malware that can encrypt files and block access to all data on your device. It can lock up networks and deny access to business-critical data. It is the #1 cyberthreat to institutions and universities because of the data these organizations hold. Cybercriminals demand payments, usually in the form of bitcoin, but payment does not guarantee receipt of the decryption key.

Phishing emails containing phony links are the most common way ransomware attacks begin. Attacks can also begin with malicious downloads, clicks on web pop-ups, requests to “confirm” system credentials, or the exploitation of vulnerabilities in unpatched systems. Ransomware can then spread from one device to another on the same network. Bad actors can target you based on the websites you visit, the demographics you seem to fit, or other information about you that they have found online, including on social media. So, slow down and think before you click.


How to Protect against a Ransomware Attack

  1. Beware of phishing attempts and free downloads
    • Don’t open unexpected email attachments or shared documents
    • Only download from trusted sources, like Google Play and the App Store
    • Inspect embedded links and confirm the URLs of websites before clicking, and never click on links or attachments in unexpected messages
    • Don’t click on or close web pop-ups (instead use pop-up blockers to help you avoid them)
    • Watch out for email spoofing, where a malicious message appears to come from credible sources (a colleague or a senior official)
  2. Update your devices and software
  3. Back up your data to an offline hard drive regularly, store it securely, and test the restoration process
  4. Use strong unique passwords or passphrases for all your accounts and don’t share them with anyone
  5. Check the risk level of your data in the Electronic Data and System Risk Classification Policy, store your data correctly, and be selective about sharing access

Ransomware and other malware often look for vulnerabilities in common software, so update all of your devices regularly to get the latest security patches. Backing up your devices protects your data even in a worst-case scenario. Make sure to retain an offline backup.

How to Respond to Ransomware

If you notice file extensions changing or see that your screen is locked and a ransomware message is displaying, follow these guidelines and do not turn your computer off.

Emergency first steps are:

  1. Do NOT turn off your computer but DO disconnect from the network and any connected systems.
  2. Do physically pull the network cable out of the network adapter, and/or disable the wireless adapter
  3. Do NOT access or open any files until you receive clearance from IT, specifically from IT Security
  4. Do NOT reply to or reach out to any parties demanding ransom payment
  5. Call the Service Desk at 212-998-3333 and document the ticket number
  6. From a different computer or from a mobile device, email askIT@nyu.edu and security@nyu.edu
  7. From a different computer or from a mobile device, change all your account passwords
  8. Be available to provide additional information to assist with the investigation or review

Please do not take any additional action until you have official guidance on next steps.

Safe Computing Tips to Protect You from Ransomware