Ransomware

Ransomware is malware that prevents or limits users from accessing their files or devices until they pay a ransom. Ransoms can range from hundreds to thousands, even millions of dollars. 

Types 

Crypto Ransomware

Crypto ransomware locks access to data by encrypting certain file types on an infected device. This malware typically appears through spam email and asks the user to click a link, download a file or visit a specific website. Once the user has followed the malware’s instructions and opened the infected file, the malware will target and encrypt valuable files.

Locker Ransomware

Locker ransomware does not encrypt files but instead locks the user out of a device or system entirely. This malware also appears through phishing attacks and uses bullying tactics to force users to pay to regain access.

Scareware

Scareware is fake software that claims it has detected a virus on your device and that you must pay to resolve the problem. Scareware might lock your computer or flood your screen with pop-up alerts.

Leakware

Leakware attempts to make you panic by threatening to leak sensitive or damaging personal information about you if you do not pay the ransom. This attack sometimes claims to be sent from law enforcement and warns that you can avoid jail time by paying a fine.

Warning Signs

 

Locked Device

Ransomware will lock your web browser or desktop and prevent you from accessing your files. You may see a "ransom note" message on your screen or a .txt file saved on your device with instructions of how to pay to unlock your device.

 

New File Extensions

If you notice a new file extension appended to your filenames, they are likely locked by ransomware. Some common ransomware file extensions are .ecc, .xyz, .zzz, .encrypted, .locked and .crypto.

Tips

 

Always understand what you are downloading and installing 

 

Only download from websites you trust 

 

Do not click links or open attachments in emails pushing you to download or install a file 

 

Do not give unknown software administrative permission 

 

Keep your system up to date by setting automatic updates 

 

Run an antivirus software scan to check for malware that might be active in the background 

 

Keep your firewall always turned on 

 

Install a browser add-on to stop pop-ups 

 

Disable the AutoPlay feature on Windows 

 

Switch off any unused Bluetooth or wireless connections 

 

Back up sensitive information to a secure location, such as cloud storage or an external hard drive 

 

What to Do

If you have been targeted by ransomware at FSU:

If you have been targeted by ransomware at home:

  • Never pay the ransom; it is best not to negotiate with cybercriminals, and caving in and paying encourages this type of crime 
  • If you catch the ransomware in action, shut off your computer and disconnect from the internet to stop the ransomware from spreading to other devices 
  • Use your security software to scan and clean malware from your computer 
  • Use a ransomware decryption application to decrypt your files and access them again 
  • Restore a clean backup of all your files from your backup storage

Resources

Understanding Ransomware

Quick video explaining what ransomware is and how it works

More 

Ransomware Response Checklist

11 steps for cybersecurity professionals to follow to develop a ransomware incident response plan

More