Prevent & Mitigate Ransomware

Protect from Ransomware

If you manage U-M devices or data, you are responsible for taking steps to protect them from ransomware.

Universities and medical systems are frequent targets of ransomware. In some cases, attackers have threatened to make stolen data public. Payment of the ransom is no guarantee that you will regain access to the data or prevent its release. 

Steps to protect U-M data and devices:

• Follow the Hardening for U-M Systems guidance, or use an approved configuration such as MiWorkspace or MiServer systems.
• Install CrowdStrike Falcon endpoint protection on any U-M computers you are responsible for.
• Refer to Minimum Information Security Requirements for Systems, Applications, and Data for required security measures for the type of data the system will handle or store.
• Implement Duo two-factor on any machine that allows authenticated connections from the internet.
• Protect all accounts with administrative or privileged access to systems. Make sure to review the guidance for Managing Privileged Accounts.
• Back up data. All U-M units and research programs are required to develop and document backup plans for U-M institutional data. Back up plans should:
  • Follow the guidance in Back Up U-M Data. 
  • Backups should be stored in a separate system and be verified on a regular basis. 
  • Use file-level versioning so you can quickly restore individual files if needed.
• Keep hardware and software up to date. Apply all patches and updates as soon as possible after appropriate testing, and only use supported, current software.
• Monitor for Problems. Routinely monitor unit systems for signs of potential compromise. CrowdStrike Falcon admins can help check systems, and you can see detailed guidance in Checking Systems for Signs of Compromise.

Promote Awareness

Phishing, email attachments, and downloads from malicious websites are some of the biggest vectors for ransomware. Share education and awareness materials provided by ITS Information Assurance:

• Educate users on avoiding phishing and other suspicious email, and on common scams and techniques used to compromise devices. 
• Post this print-and-post flyer: Beware of Ransomware!
• Share this Safe Computing webpage: Protect Yourself from Ransomware
• Learn more at StopRansomware.gov. The U.S. Government's official one-stop location for resources to tackle ransomware more effectively.

U-M Ransomware Protections

ITS Information Assurance (IA) and Health Information Technology & Services (HITS) work with units across U-M to reduce risk and protect against cyberthreats, including ransomware. To do this, we provide:

• Network security (requires U-M login)
• Endpoint protection
• Vulnerability management
• Logging and monitoring
• MITN: Shared Threat Intelligence at U-M
• Back Up U-M Data
• How U-M Reduces Malicious Email for You
• Cyber risk insurance