Ransomware: Don't Pay the Ransom!

What Is Ransomware?

• Ransomware is malicious software that can infect and encrypt the files and folders on your computer and other devices, preventing you from opening them. Victims are asked to pay a ransom to get their folders, files, and devices unlocked.
• Criminals use ransomware to extort money from individuals and organizations. Educational institutions and healthcare organizations are among the top targets.

If You Get Ransomware

If a computer or device that is owned or managed by the university or is used to access or maintain sensitive U-M data is infected and encrypted by ransomware, take action immediately.

• Report it to the appropriate contact or contact the ITS Service Center.
• Don't pay the ransom. There are no guarantees when you are dealing with criminals.

How Ransomware Typically Gets on Devices

The are two ways that ransomware typically infects devices or networks:

• Phishing emails: You open an email attachment, a shared document link, or click a link that takes you to a malicious website. This downloads malicious software, which may be ransomware or a trojan downloader that will look for vulnerabilities on the computer network. It then infects your device or a networked device with ransomware.
• Vulnerable systems exposed to the internet: Criminals look for services or systems exposed to the internet that have unpatched vulnerabilities. This allows them to gain access, explore enterprise systems and networks, and install ransomware.

Once a computer or other device is infected, the malware may begin encrypting files and folders on the device, local drives, any attached drives, backup drives, and potentially other computers on the same network.

Protect U-M Devices

If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. See Ransomware Mitigation.

What You Can Do to Protect Yourself

• Don't open unexpected email attachments. Check with the sender first.
• Check links in email before clicking by hovering over them with your mouse. Learn what to look for at Don't Fall for Phish!
• Make backups, and keep them separate from your device.
• Install and use endpoint protection software to protect against threats including ransomware and other malware, such as viruses.
• Michigan Medicine users must enroll their mobile devices in Michigan Medicine's mobile device management system in order to connect to Michigan Medicine resources from them.
• If you are responsible for managing websites, systems, or applications: Stay informed about updates and security issues. Apply updates and fixes as soon as possible, before malicious actors take advantage of known vulnerabilities to cause harm.
• Learn more about ransomware:
  • Ransomware U.S. Dept. of Homeland Security, Cyber-Infrastructure. Ways for individuals and organizations to spot, prevent, and handle ransomware. 
  • No More Ransom (nomoreransom.org). Decryption tools and prevention advice.
  • Incidents of Ransomware on the Rise (FBI)
  • Ransomware's Next Target (CBS News)

Flyer and Digital Sign

Help spread the word about ransomware:

• Print and post flyer: Beware of Ransomware! (flyer)
• Digital signs: Beware of Ransomware (digital signs).

Ransomware and Cloud Services

Ransomware infects files on your computer, so content stored in the cloud, such as content in U-M Google Drive or Dropbox, is protected as long as it is not synced to the infected computer. Synchronized files infected with ransomware can spread the ransomware.

If you are using Desktop Backup (Code42) to backup your files, you can use it to get back older, uninfected versions of infected files. Desktop Backup is recommended if you routinely store files on your device for protection against ransomware, data corruption, hard drive crashes, and so on.

Ransomware Resources

• StopRansomware.gov. The U.S. Government's official one-stop location for resources to tackle ransomware more effectively.