Ransomware is malicious software, also known as malware, designed to encrypt files on a computer, making them unreadable. The creators (the bad guys) then demand a ransom in exchange for a “key” to unlock the files on the computer. Ransomware incidents can severely impact personal and university processes, leaving the victims without the data on the files they need to operate or deliver their services. In some cases, the criminals will pressure victims for payment by threatening to release the information they’ve stolen if they refuse to pay the ransom. Some of the ransoms demanded have exceeded $1 million.

How can you protect yourself? How can you help protect the university’s data? We’re glad you asked!

Here are some obvious and not-so-obvious practices:
Be Prepared. Maintain protected backups of your data – this can mean “offline” or not connected to the internet. However, backup strategies will allow for encrypted and protected backups without being “offline,” where a copy of your data is preserved and is not accessible through standard techniques.

Regularly test your backups! Everyone likes to say they have backups, but few can tell you the last time they tested the procedures to restore the data from the backups. That’s a real leap of faith!
Scan your devices regularly for vulnerabilities in the operating system and application software. For UT-Owned devices, install an agent that will scan your computer for vulnerabilities in the operating system (i.e., not updated or patched). UT Policy mandates that UT-owned devices run up-to-date and supported operating systems. That’s a good idea for your home devices, too!

Review the cybersecurity user awareness training! Some modules are assigned that pertain to things like malware or phishing, two of the main ways that ransomware takes hold.
USE 2FA anywhere possible, particularly for webmail, VPN access, and accounts that access critical systems or applications like IRIS or Banner.

Avoid running as the Administrator on your computers. Also known as the principle of least privilege, you should sign into the access you need to perform your job. That’s not to say you can’t perform administrative functions on your assigned computer. However, you need to authenticate to gain the additional privileges, NOT just click “OK” when prompted. Yes, it’s a pain, but also, it’s the world we live in. 

An early nineteenth-century Prussian General stated, “No plan survives contact with the enemy.” President Eisenhower said, “…plans are useless, but planning is indispensable.”

Ransomware, the type of attack where the bad guys take your data and render it useless, is recent. The methods to prevent it or lessen its impact are not. It’s your IT Professionals’ age-old, sage advice: “Patch it, back it up, and above all, don’t click on that link!”

If you do fall victim to a ransomware attack, shut down your computer immediately and contact your IT Administrator. According to the UTK Incident Response Plan, you must also report the incident to OIT by calling the HelpDesk at 865-974-9900. Do not enter into a discussion with the criminals, and try to talk them into giving your files back. OIT will report the incident to the local and federal authorities. If this happens to your personal computer or personal files, contact the local FBI Field Office.