Preventing and mitigating "ransom software" from causing you and your colleagues problems

This week we’ve had four instances of “ransomware” (ransom software) and (since we’ve never previously had ransom software instances) we’re worried this will get worse unless you help stop it now or we (or the System) put more protections (from your perspective, “hassles”) in place.  I know we can work together to avoid the hassles because darn near all of you thwart email fraud attacks, which work in similar ways to “ransomware” attacks.

Our colleagues, perhaps through email or a web site or an infected document, ran software that garbles (encrypts) all the files to which they have access.  A little box then appears providing the victim with contact information to pay someone a ransom to un-garble all the victim’s files.  That would suck if it happened to you, right?  What if you have access to shared (department, collaborative research, etc.) files and those all get garbled—even more embarrassing and a pain to resolve, right!?

Fortunately, two of our colleagues with infected computers used network drives to save their files and had limited shared file access, so we restored previous file versions (a hassle, but no ransom paid and most data recovered).  The other two colleagues have yet to learn they are infected.

Here are some ways you can prevent and mitigate this problem for yourself and your colleagues:

  • Prevent damage:
    • Only run software and open files you need for your job—and from sources you trust to practice good software protection.
    • If you use Dropbox (or similar file sharing software), exercise greater caution by practicing safe habits on all the computers (including phones and tablets) you use to access the Dropbox shared file folder, because Dropbox will propagate garbled versions of your files to every device synced to that folder.
    • If you maintain collaborative space (e.g., shared or research network drives), review who currently has access and limit access to only those people who need it.  Usually you can even make it so people can "read" (open) files, but not update them (which prevents garbling).
  • Mitigate damage:
    • Save files to network drives (Home H:, Shared S:, Research R:) so you can rely on our (max three week) back-ups to Discovery Park, and/or ensure you periodically back up your original work to non-networked storage.  Remember to protect confidential/sensitive backed-up data (UNT General Counsel considers student emplids, like those on class rolls, as confidential under Texas Law).
    • If your computer gets infected, turn off the power and report the problem.

If this problem continues to escalate, we (or the System as a whole) may need to take immediate steps to ensure our education, research, and creative endeavors continue to advance.  The measures may include web browser software configuration changes to use special protections, making it really inconvenient to run non-standard software, and/or more depending upon the ransomware types, methods, perceived risk, and available solutions.

It’s a hassle for you to critically consider each email, document, and software program you receive and access.  Still, we must get better together by learning about this problem and practicing safer habits to thwart thugs who, for purely extrinsic reward, seek to undermine your success and the success of people you help.

If you have any questions or concerns, please contact the CAS IT Service Desk.