What Is Ransomware

isit_ransomwareRansomware is a virus that will encrypt the files on your computer or mobile device and prevent you from accessing them unless you pay a fee (“ransom”). The most common targets are pictures, documents, and other personal data. There is no guarantee that you will get your files back after paying the ransom.

There is a rising trend of ransomware affecting UBC computers, particularly those that run Windows. This virus will attack all files accessible from your computer, including those on AdminFiles and HomeDrive. Unless you have an external backup, your files will be unrecoverable.

 

How do I avoid ransomware?

  • Do not open files or links in emails that sound strange or come from senders you do not recognize.
  • Do not download files from unofficial or untrusted websites. File attachments to watch out for include executables, such as .ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .hlp, .ht, .hta, .inf, .ins, .isp, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .pcd, .reg, .scr, .sct, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .exe, .pif, etc.
  • Avoid installing pirated software, outdated programs, or operating systems.
  • Avoid using computers that are connected to infected networks.

What can I do to protect my files from ransomware?

  • Use Workspace to store your important files. Workspace saves a new copy every time you update your files, so even if the documents on your computer are affected by ransomware, you can always roll back to the last saved version before the infection.
  • Use a USB to manually copy and paste important files from your hard drive. Do not leave the USB plugged in, and store it in a secure drawer.
  • Unplug your external hard drives after you back up your computer, so the backups cannot be accessed by ransomware.
  • If you use Home Drive, turn off automatic connection and disconnect from Home Drive after you have transferred your files.

How do I know if I’ve been infected by ransomware?

If you have been infected, you may see a ransomware note, encrypted files, renamed files, locked browsers, or locked screens. Some schemes may claim that you have committed illegal activity on your PC, and that a government agency or police force has seized control of your computer. These are scare tactics designed to discourage you from seeking assistance and potentially rescue your files. Below is an example of some potential pop-up notices on infected computers.

Ransomware Screencaps

What should I do if I’ve been infected by ransomware?

  • Immediately turn off and unplug your computer to minimize the number of affected files.
  • Contact Arts ISIT for further instructions.