Information Security: Ransomware and the Need for Ongoing Vigilance

Dawn Irish
Friday, October 18, 2013 - 3:15pm

Ransomware is a growing variant of phishing in which an attacker convinces a user to run an application that encrypts their data. The attacker then demands money (a ransom) in exchange for the key that unlocks the data. While there are no current ransomware infections at Tufts University, other universities have had outbreaks of “CryptoLocker,” the most recent version of this type of attack. October is Cyber Security Awareness Month, and Tufts Technology Services (TTS) would like to take this opportunity to remind community members that the best protection against all cyber security threats, including ransomware, is a combination of technology and individual vigilance.

Antivirus Software

Because new variations of viruses appear constantly, antivirus software is not always successful in blocking them. Once your files are infected, it may not be possible for antivirus software to decrypt them, so user vigilance and prevention are imperative.

What can you do to protect yourself?

TTS takes precautions to help protect our community, including keeping our computing environment up to date with operating system and application patches via LANDesk and update servers, keeping antivirus definition files current, and using our Proofpoint servers to block the vast majority of viruses that come in through email. However, the most effective prevention happens with a combined effort at the enterprise level and at the individual level.

  • Do not open attachments you were not expecting, or from people you do not know.
  • Make regular offline backups of your files. Online backup solutions like Carbonite and Dropbox can be affected by a virus, and will copy encrypted files to their storage sites. Tufts faculty, students and staff may back up their files to their Tufts personal drive (P:) or departmental drive (Q:), which are all backed up frequently by TTS administrators. Tufts' version of Box.com could be infected if a user inadvertently uploads a file that is infected by viruses like CryptoLocker. Do not leave external backup devices, like an external hard drive or thumb drive, plugged into your computer. Physically disconnect them once the backup is complete.
  • TTS regularly updates antivirus software and applications on university-managed devices. Keep your antivirus software up to date on your personal computing devices.

What should I do if my computing device is infected?

  • Immediately turn off the computer.
  • Do not attempt to move files or circumvent the problem.
  • Contact the TTS Service Desk immediately at it@tufts.edu or 617-627-3376.

Why is this important?

Good security practices benefit the entire Tufts community in the same way that turning off lights to save energy or recycling helps. Small efforts like thinking twice before opening a suspicious attachment can save you and your IT groups many hours of work counteracting the effects of a virus. With your help and vigilance, Tufts Technology Services is committed to providing the most secure environment we can.

More information about CryptoLocker

http://www.infosecurity-magazine.com/view/35045/cryptolocker-the-ransomware-theres-no-coming-back-from/

http://answers.uchicago.edu/page.php?id=34505

http://www.doit.wisc.edu/news/cryptolocker-ransomware-found-campus/