Ransomware

What is it?

Ransomware is malicious software that infects a computer and then restricts a user’s access to their documents until a financial ransom is paid. There are many types of ransomware, but most begin with a phishing email that attempts to trick you into downloading or installing the ransomware, or that seeks your credentials so the attacker can install it themselves. Some ransomware attacks begin with a phone call from someone posing as tech support, claiming that they detected a problem with your computer and need you to install software to help repair it. Once the ransomware is installed on the victim’s computer, it starts encrypting the victim’s files. More recently, some ransomware criminals have employed what is called ‘double extortion’: along with encrypting your data, they also steal confidential files and threaten to make them public if you don’t pay the ransom.

We have seen ransoms anywhere from a few hundred dollars to hundreds of thousands of dollars, depending on the type of information that is being held or how many computers are infected.

Educational institutions have reported cases where faculty and researchers had to resort to backup files for terabytes of data because their computers were infected with ransomware, and in a few instances paid ransoms of half a million dollars to regain access to proprietary research data.

How do I defend myself?

The sensitivity and interconnectedness of information found at the University of Florida make it an attractive target. Patient health information, student data, research data, and intellectual property are parts of the everyday operations at both the university and hospital level. Protecting that data and information is our shared responsibility.

To begin with, learn how to spot and report Phishing. Many ransomware attacks begin when someone clicks on a phishing message, and either accidentally gives their credentials to the criminals or is tricked into installing the software.

Next, follow basic steps to protect your computer and your data. Some ransomware programs exploit vulnerabilities in your computer’s operating system (Windows or Mac), while others use applications on your computer to install the program. Thus, installing updates for your computer and the applications on it is crucial to get the latest security fixes. Lastly, be sure to have backups of both your computer and your data, so that should the worst happen, you can recover without resorting to paying a ransom to cyber criminals.

See Protect My Computer for more information on how to patch and back up.

What if I think I have a ransomware infection?

  • At the first sign of a ransomware infection, turn off – or even quickly unplug – your computer. You might be able to catch it before many files are encrypted and prevent further damage.
  • Alert local IT Support or the UF Computing Help Desk. For ransomware instances involving UF computers, your IT support or the UF Computing Help Desk will engage the UF Computer Security Incident Response Team, and can get law enforcement involved if needed.
  • Submit suspicious email messages to the UF Information Security team:
  • The FBI does not encourage paying a ransom to criminal actors. According to the 2020 IC3 Annual Report, “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

More Information