Protecting against Ransomware Attacks


Ransomware is a form of malware that encrypts user data with strong encryption and then demands payment, typically in Bitcoin, for the key needed to decrypt it.

While there are no simple solutions to this threat, there are some basic security practices that you can follow to limit your exposure and keep attacks from permanently destroying your data. Each of the five steps below is a way to proactively protect your accounts and make it harder for attackers to gain access to your data.

Secure offline verifiable backups
The only way to completely safeguard yourself against an attacker taking control of all of your data is to have a copy of that data in a location that is secure and beyond their reach. An offline location, or ‘cold storage’ location, is one that is disconnected from any network and can be powered off. Disconnected media could be a flash drive, external hard drive, or storage that is only connected while in use. Ransomware spreads over the network, so an offline copy that it cannot reach may be the last full backup that lets you restore all of your files after the infection has been removed from your machine.

Limit Phishing Attacks
Phishing is the act of socially engineering an email message to lure recipients into clicking a link or downloading an attachment with a malware payload. Email spam filters help to protect us from phishing messages before we see them in our inbox, but no filter is 100% effective. “Think before you click.” If an email message is asking you for personal information, take a minute to determine if it is a legitimate email message. Look at the sender’s name: is the sender sending the email from a university email address? Hover your mouse over the link (without clicking on it) to see where the link takes you. If the link points to a website other than the one shown in the link text, don’t open it.

Phishing emails can be very convincing. Organizations don’t often ask for personal information via email. USF/USFSP will not ask for personal information in an email. If you feel that the email could be legitimate the safest thing to do is log into the website (such as my.usf.edu) directly by opening up a new web browser and entering the web address in the address bar. If the system is legitimately requesting personal information there will be a notification after you log in. This informative article by USF Health, Phishing, How to Avoid the Bait, enumerates the various types of phishing and countermeasures.

Two-factor Authentication for Email and Social Media Accounts
All USFSP staff and students use Gmail accounts for their work. A popular attack method involves logging on to a victim’s email account and quickly changing the password, locking the victim out of their own account. You can prevent this in the event that your account becomes compromised by enabling two-factor authentication for account changes. If you set up recovery info, such as a phone number for texts or a backup email account, this information cannot be changed without a successful response from your backup method. You don’t have to receive a code every time you log in, but an attacker’s attempt to change significant contact info will not succeed without that confirmation. Having always been concerned with privacy, I was reluctant to provide this, but now I keep a spare email address for this purpose.

Users often rely on a very short list of passwords and reuse them for multiple accounts. This is very dangerous: when one account is compromised, every account that shares that password is also vulnerable. Vary passwords to limit the attacker’s ability to jump from one system to the next using your credentials. This article by USF Health, Passwords vs Passphrases, can help you create more effective passwords for your accounts.

Adhere to the principle of Least Privilege
The Principle of Least Privilege is a fancy way of saying that a user account should only have the rights and permissions needed to do its work and no more. When a ransomware infection seizes your computer, it encrypts every file it can access, either locally or remotely. If it runs under an administrator account, it can reach far more files and inflict far more damage. Regular computing activities should only require a standard user account. Set your daily-use account as a non-administrator, and supply your administrator account credentials only when needed to install or update software or the OS.

Patch and Update Systems Regularly
Most modern operating systems (OS) have free patching services available; you need only run those services regularly and allow updates to occur.

Last edited on August 22, 2019