What is ransomware?

Ransomware is malicious software that locks your computer and mobile devices or encrypts the contents of a computer. Once their computers are infected, victims often see an on-screen alert that states that access to their files is restricted until a ransom is paid, typically in the form of virtual currency (e.g., bitcoin). Paying the ransom, however, does not guarantee the encrypted files will be released; it only guarantees that the cybercriminals receive the victim’s money and possibly other personal information, such as financial information. Decrypting the files also does not mean the malware has been removed.

How does a computer become infected with ransomware?

Ransomware can be spread by common phishing tactics, including malicious attachments or by “drive-by downloading.” Drive-by downloading is when a person unwittingly visits an infected website that then downloads and installs malware without the user’s knowledge.

Newer methods of ransomware infection have been observed. Recent variants, such as WannaCry and WannaCrypt, take advantage of a vulnerability in operating systems or servers to gain access into an organization’s network. Once it is introduced to the network, the malicious software is designed to spread to other vulnerable computers automatically.

How can I protect my computer and data against ransomware?

Stay up-to-date on security patches

Patching vulnerable applications and operating systems reduces the number of exploitable entry points.

If you are running a supported operating system (Windows 7 – Windows 10), you should go to Windows Update to check the status of your updates and download, if needed, the latest security patches. If you have not been keeping up with your Windows Updates, then you may have to run it multiple times to get your computer completely up-to-date.

If you are running an unsupported operating system (anything before Windows 7), contact the ITS Help Center or your local IT support. They help you update to a supported operating system.

Maintain up-to-date anti-virus software

Windows 10 – Windows Defender

Windows 10 - Windows Defender is natively installed on your computer.  To determine if Windows Defender is able to protect your computer, follow these steps:

  1. Select the Start button
  2. Select Settings
  3. Update & Security 
  4. Windows Defender
  5. Look for and select Open Windows Defender
  6. Select Update tab in Windows Defender
  7. Select Update Definitions

Windows 7 – System Center Endpoint Protection (SCEP)

Please follow the download link - http://software.uconn.edu/antivirus/

Backup your files

Backup your files and keep a recent backup copy off-site. UConn provides you with multiple ways to back-up your files, including OneDrive through Office 365, Google Drive through Google Apps, and your P: Drive through ITS Enterprise File Services. However, network-connected backups can also be affected by ransomware. Keep critical backups separate from the network, such as saved on an external hard drive, and encrypted for the best protection.

Don’t fall prey to phishing messages

Be suspicious of unsolicited attachments, especially from untrusted or unknown sources. Also do not follow unsolicited Web links in emails. Refer to Always Be on Alert for Phishing Attacks for more information.

What should I do if my computer is infected or I receive a suspicious email?

If you receive a message that you suspect is a phishing attempt or a message with a suspicious file attachment, forward the message to reportphishing@uconn.edu. If you believe that your account has been compromised or your computer infected with ransomware, contact the ITS Help Center immediately.