Ransomware Definition
Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment.
Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
How Ransomware Works
There are a number of ways ransomware can access a computer. The most common is phishing: an email arrives with an attachment masquerading as a trusted file. Once the attachment is opened and/or downloaded, the malware can take over the device. Some more aggressive forms exploit vulnerabilities in applications or even operating systems, never needing human intervention.
There are several things the malware could do once it has taken over, but by far the most common occurrence is to encrypt the user's files. The files cannot be decrypted without a key, which will only be given after a ransom is paid.
Who is a Target (Why Should I Care)?
Everyone and every organization is a target. National and global news have made ransomware stories major headlines. Recently in the U.S., we have seen our fuel transportation, mass transit, and meatpacking industries hit. But the bad guys aren't just in it to make headlines; they want MONEY. The average payout for ransomware in 2019 was $115,123 but increased 171% in 2020 to $312,493. The healthcare industry makes up 11.6% of the industries targeted by ransomware attacks.
How to Prevent Ransomware
There are a number of defensive steps you can take to prevent an infection, all of which are good security practices in general.
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don't install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive.
- Back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.
If Your Device is a Victim of Ransomware
For UTHSC Devices
If your UTHSC device is under attack by ransomware, IMMEDIATELY power off the machine by pressing and holding the power button until the computer turns off, then contact the ITS Service Desk (901.448.2222). Do not try to fix the device yourself.
For Personal Devices
While your personal device is not the responsibility of UTHSC, we do want to help keep you secure. CSO created a video with step-by-step instructions on recovering from ransomware. However, if you don't have a backup of your data, there may be no recovery.
Resources
Cybersecurity & Infrastructure Security Agency (CISA) Ransomware Page
Tripwire.com report on average payouts
Cybersecurity & Infrastructure Security Agency (CISA) Ransomware Guide