What Is Ransomware?
- Ransomware is malicious software that can infect and encrypt the files and folders on your computer and other devices, preventing you from opening them. Victims are asked to pay a ransom to get their folders, files, and devices unlocked.
- Criminals use ransomware to extort money from individuals and organizations. Educational institutions and healthcare organizations are among the top targets.
If You Get Ransomware
If a computer or device that is owned or managed by the university or is used to access or maintain sensitive U-M data is infected and encrypted by ransomware, take action immediately.
- Report it to the appropriate contact or contact the ITS Service Center.
- Don't pay the ransom. There are no guarantees when you are dealing with criminals.
How Ransomware Typically Gets on Devices
There are two ways that ransomware typically infects devices or networks:
- Phishing emails: You open an email attachment or a shared document link, or click a link that takes you to a malicious website. This downloads malicious software, which may be ransomware or a trojan downloader that will look for vulnerabilities on the computer network. The malware then infects your device or a networked device with ransomware.
- Vulnerable systems exposed to the internet: Criminals look for services or systems exposed to the internet that have unpatched vulnerabilities. This allows them to gain access, explore enterprise systems and networks, and install ransomware.
Once a computer or other device is infected, the malware may begin encrypting files and folders on the device, local drives, any attached drives, backup drives, and potentially other computers on the same network.
Protect U-M Devices
If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. See Ransomware Mitigation.
What You Can Do to Protect Yourself
- Don't open unexpected email attachments. Check with the sender first.
- Check links in email before clicking by hovering over them with your mouse. Learn what to look for at Don't Fall for Phish!
- Make backups, and keep them separate from your device.
- Install and use antivirus software.
- Michigan Medicine users must enroll their mobile devices in the Intelligent Hub mobile device management system in order to connect to Michigan Medicine resources from them.
- Help IA spread the word about ransomware with our printable poster: Beware of Ransomware! Digital signs are also available.
- If you are responsible for managing websites, systems, or applications: Stay informed about updates and security issues. Apply updates and fixes as soon as possible, before malicious actors take advantage of known vulnerabilities to cause harm.
Ransomware and Cloud Services
Ransomware infects files on your computer, so content stored in the cloud, such as content in U-M Google Drive or Box, is protected as long as it is not synced to the infected computer.
If files synced to your computer via Box Sync are infected with ransomware, you can make an older version current via the Box webapp. This works because the ransomware creates a new version of the file, but Box keeps the original, uninfected version as a prior version.
If you are using Desktop Backup (Code42) to back up your files, you can use it to get back older, uninfected versions of infected files. If you routinely store files on your device, Desktop Backup is recommended for protection against ransomware, data corruption, hard drive crashes, and so on.