Hopefully most people will now have heard the word "Ransomware" as the recent WannaCry ransomware attack on the NHS on the 12th May was big news.Here is a quick break-down of what you need to know- and what you need to do.
What is it?
Ransomware is a type of malware which 'locks' the files on a computer and then demands payment to unlock them and is one of the biggest threats facing the University.It works as follows:
- Typically you get an email directing you to click on a link or open an attachment - The email may look genuine in many respects and may seem to come from a bona fide source (e.g. HR). Remember that email addresses can be 'spoofed' to disguise their true source;
- You click on the link or open the attachment;
- The website you visit, or the attachment you open, changes (encrypts) all your files so you can't open them;
- You get a notification that your files have been made unusable, with a demand to pay money to get them back;
- You may pay the ransom, and may – or may not- get your files back (how much do you trust the person who just stole your files?);
Ransomware emails seen at Brunel have had the following subject lines:
- Unable to deliver your parcel
- Purchase order
- Your password will expire in n days
- You have received an important document.
- Thank you for being our loyal Customer. This is your reward
- Admin Staff Case
- Your Paycheque Details
Key questions to ask yourself are:
- Am I expecting an email from this organisation?
- Have I actually purchased or used the service being referred to?
- Am I confident that the attachment is safe?
If the answer is "no" then you should delete the email or at least verify its authenticity
What do I do if my PC (or other device) is infected by Ransomware?
If it gets onto your PC, the Ransomware will encrypt (lock) the files on your PC and possibly, network files as well, such as G: and H: At this point the files on your computer are no longer accessible to you and you must take the following action:
- Do not follow any of the advice on your computer screen;
- DO NOT PAY THE RANSOM;
- Do not plug in any USB storage device in an attempt to recover backed up data;
- Disconnect your computer from the power supply immediately;
- You must report the incident to Cyber and Information Security firstname.lastname@example.org and the IS Service desk Computing.Support@brunel.ac.uk, telephone 01895 265888