Ransomware is a particular type of malicious software that blocks access to a victim’s computer and data until a ransom is paid. It does this by locking the computer down and encrypting files using a key that only the attacker knows. Victims are told they must send a payment, often using Bitcoin, to unlock their computer and get access to their data. The ransomware might threaten to publish or delete the victim’s data after a period of time, to encourage them to pay.
Contents
How can I avoid getting infected with ransomware?
The same strategies that you can use to avoid regular malware also works for ransomware. Consult our guide on malware for more information.
Backups are by far the best defense. If your files are encrypted but you have a backup, you can just wipe your hard drive and restore your files from the copies. Ithaca College recommends OneDrive for backing up your data.
If you back up your data on an external hard drive, leave it unplugged from your computer. If you are hit by ransomware while the external drive is connected, your backup files will be encrypted as well.
What platforms are vulnerable?
There are variants of ransomware for every common operating system. Microsoft Windows, Apple MacOS and Linux are all vulnerable, as well as mobile Google Android and even Apple iOS devices.
My computer is infected with ransomware. What do I do?
First, disconnect your computer from the network immediately. This will ensure it does not spread to other computers.
Second, try to determine what kind of ransomware you have. Some types have decryption tools available, on sites such as https://www.nomoreransom.org/. Be careful when searching for decryption tools on the internet, since some might be scams. To stay safe, use tools from reputable sources like security firms and government agencies.
As soon as you can find out what type of ransomware you have, or if you need help doing so, turn off your computer and contact IT at (607) 274-1000. Our Endpoint and Information Security teams will be happy to help you.
To recover your data, we recommend wiping your hard drive, reinstalling your operating system, and restoring your files from a known backup. Ithaca College recommends OneDrive for backing up your data. Even if the files in your OneDrive folder were encrypted, you can roll back to an earlier version of them.
Should I pay the ransom?
If you do not have backups of your data, it can be tempting to pay the ransom to get your data back. However, IC advises against this for several reasons. First, doing so does constitute giving money to criminals. Second, there is no guarantee that the attackers will restore your files if you do pay. Some types of ransomware, such as the recent NotPetya outbreak, are not even capable of decrypting your files. In other cases, the attackers might just keep the money, since you have no recourse if you pay and do not get your files back.