Ransomware is malware that prevents or limits users from accessing their files or devices until they pay a ransom. Ransoms can range from hundreds to thousands, even millions of dollars.
Crypto ransomware locks access to data by encrypting certain file types on an infected device. This malware typically appears through spam email and asks the user to click a link, download a file or visit a specific website. Once the user has followed the malware’s instructions and opened the infected file, the malware will target and encrypt valuable files.
Locker ransomware does not encrypt files but instead locks the user out of a device or system entirely. This malware also appears through phishing attacks and uses bullying tactics to force users to pay to regain access.
Scareware is fake software that claims it has detected a virus on your device and that you must pay to resolve the problem. Scareware might lock your computer or flood your screen with pop-up alerts.
Leakware attempts to make you panic by threatening to leak sensitive or damaging personal information about you if you do not pay the ransom. This attack sometimes claims to be sent from law enforcement and warns that you can avoid jail time by paying a fine.
New File Extensions
If you notice a new file extension appended to your filenames, they are likely locked by ransomware. Some common ransomware file extensions are .ecc, .xyz, .zzz, .encrypted, .locked and .crypto.
Always understand what you are downloading and installing
Only download from websites you trust
Do not click links or open attachments in emails pushing you to download or install a file
Do not give unknown software administrative permission
Keep your system up to date by setting automatic updates
Run an antivirus software scan to check for malware that might be active in the background
Keep your firewall always turned on
Install a browser add-on to stop pop-ups
Disable the AutoPlay feature on Windows
Switch off any unused Bluetooth or wireless connections
Back up sensitive information to a secure location, such as cloud storage or an external hard drive
What to Do
If you have been targeted by ransomware at FSU:
- Contact the ITS Service Desk at 850-644-4357 or its.fsu.edu/help.
If you have been targeted by ransomware at home:
- Never pay the ransom; it is best not to negotiate with cybercriminals, and caving in and paying encourages this type of crime
- If you catch the ransomware in action, shut off your computer and disconnect from the internet to stop the ransomware from spreading to other devices
- Use your security software to scan and clean malware from your computer
- Use a ransomware decryption application to decrypt your files and access them again
- Restore a clean backup of all your files from your backup storage