Computer Security: ransomware - when it is too late...

“Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. 
 

Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying...” (Source: https://en.wikipedia.org/wiki/Ransomware)

It is not unusual to see devices falling prey to ransomware. PCs and laptops, in particular those running the Windows operating system, can easily be infected with ransomware if the user is inattentive. For example, if they open an attachment to an unsolicited mail (see some hints to detect bad emails here), or click on the link to a malicious website (see our articles on our clicking campaign).

So what can you do if you have already fallen to ransomware? First of all, turn the infected computer off immediately. Just cut the power. This will stop the malware from attacking more files. Secondly, do not pay. Do not answer. Contact us at Computer.Security@cern.ch. We might have some tools to unlock your computer again. It is already too late for your data, but if you have been careful, you should have a back-up from which we can recover your files. Standard folders on centrally managed Windows PCs are automatically backed up to CERN’s DFS file storage. You can also enable DFS back-up for Macs and Linux systems or, alternatively, use AFS or CERNbox. If all is lost, we can still offer you a hot beverage to ease the pain.

And how can you protect yourself? First of all, maintain permanent back-ups of your files (see above). Keep your operating system up-to-date by running automatic Windows updates, Mac software updates or the Linux “yum auto-update”. Pass the responsibility to CERN’s IT department if you don’t want to do this yourself. For Macs and Windows computers, install a decent antivirus software. Remember, CERN provides a free solution for office and home usage. Apply due diligence: stop – think –don’t click if that email, attachment, link or URL is suspicious, looks weird, or is not really intended for you (see once more our hints to detect bad emails). Finally, refrain from installing software from dubious webpages. “Free” does not always mean free; some “free” software or applications come with integrated ransomware…
 

Swiss campaign on ransomware

Ransomware is becoming a significant problem for a growing number of individuals, communities, organisations and companies.

As a result, CERN and a number of Swiss partners are currently carrying out an awareness-raising campaign focusing on ransomware: https://www.stopthinkconnect.org/tips-advice/general-tips-and-advice

The Swiss campaign will be held on 19.05.

 


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team