Protect yourself against ransomware attacks

In recent months, the impact of cyber-attacks in the form of ransomware have been felt by the masses. 

In May, the East Coast’s fuel supply was disrupted as the Colonial Pipeline company was ransomed for a hefty sum of nearly $5 million. Shortly after, the United States meat supplier JBS was ransomed for an even larger sum of $11 million. A little closer to home, Ohio and West Virginia hospitals of the Memorial Health System were victimized with ransomware last week and had to resort to response protocols such as canceling surgeries and modifying operations procedures. 

So, what is ransomware, why is it used, and what are some things we can do to defend against it at Ohio University?

What is ransomware?

Ransomware is a type of malicious software deployed that prevents someone from accessing or using their computer in a way they normally would unless they pay a fee to unlock this access. Cyber-criminals typically use this attack type for financial gain, but other motivations are possible. 

Ransomware can be delivered by compromising users and devices through weak passwords or phishing emails, or by exploiting open vulnerabilities in systems. 

What can I do to protect myself against ransomware?

There are several things you can do to protect yourself, your devices and your data from cyber-attacks. The following recommendations are in accordance with best practices from the Cybersecurity and Infrastructure Security Agency (CISA).

• Back up your data: Ensure that your work and personal data is backed up. For University files, consider using a dedicated Microsoft OneDrive space to save copies of your work. For personal files, consider personal cloud storage or a physical external storage device. It is generally recommended to maintain an offline and encrypted copy of your data. The Office of Information Technology (OIT) offers various storage options that support a secure home for your data. 
• Recognize phishing attempts: If you do not know who the sender of an email is or were not expecting a message from a sender, be cautious about clicking links or opening attachments. The Phish Bowl provides recent examples of phishing campaigns targeting the University.
• Use multifactor authentication: DUO Mobile is already required for some University services, but consider utilizing multifactor authentication for your personal life as well (shopping accounts, banking accounts, social networking accounts, etc.). 
• Keep your computer and smart devices up to date: Ensuring your device is regularly updated will reduce the exploitable entry point to an attacker. OIT offers device management on all University-owned devices.  
• Ask for help: If you have any questions on ransomware protection, please submit an IT ticket or request an Information Security consultation.