Important Security Advisory about Ransomware
Archived
Please be advised that a number of incidents involving ransomware have been reported at Queen's. The following information is provided to help prevent and minimize the risks of these types of attacks.
Ransomware is malicious software that can encrypt files on an infected computer or device. It then alerts the user that a ransom must be paid in order to recover the data. The consequences of these attacks can be serious - besides loss of data and financial loss, there are significant costs to productivity, including the resources required to recover a compromised system.
How to prevent and mitigate ransomware attacks:
- Attacks are often perpetrated through emails that appear to be legitimate, but contain attachments or links to vulnerable websites. The best way to prevent an attack is to avoid opening unsolicited attachments or clicking links without inspecting them first. Learn more: http://www.queensu.ca/its/security/EducationAndAwareness/GoldenRules.html
- Back up your important files to a secure location regularly. If your system becomes infected, locally stored data can be lost permanently, in the blink of an eye. When your data is backed up, your hard drive can be wiped and your data will remain safe.
- ITS recommends keeping work-related files on Windows File Service. This ensures that your data is stored on a file system that is redundant and backed up on a daily basis. To date, no local data has ever been recovered on a Queen's PC infected by ransomware, however ITS has been successful in retrieving ransomware-infected files stored on Windows File Service. Learn more: http://www.queensu.ca/its/managedservices/winshare.html
Alternately, you can use QShare, and Microsoft's OneDrive for Business will be made available to Queen's faculty, staff and students in the coming weeks.
- Install antivirus software and keep it up to date. Microsoft System Center Endpoint Protection (SCEP) is available to faculty and staff, and can be downloaded from MyQueen'sU. Learn more: http://queensu.ca/its/software/antivirus/scep.html
- Learn about safe computing practices – an Information Security Awareness course is available on Moodle: https://moodle.queensu.ca/community/course/view.php?id=241
- It is important to note that full drive encryption will not provide protection against the effects of being infected by ransomware.
What to do if your system becomes compromised:
- Stay calm. Do not reply to the attacker or pay the ransom. You will be putting yourself at further risk by disclosing your financial details, and you still might not get your data back.
- Report the incident to the IT Support Centre immediately. You can also get help with identifying suspicious messages. Call 613-533-6666 or fill out the online help form: http://www.queensu.ca/its/helpform
More information:
- Examples of ransomware include Cryptowall, Cryptolocker and CoinVault. You can find more examples documented on Microsoft's website, along with a list of ransomware FAQs: http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
Ransomware is malicious software that can encrypt files on an infected computer or device. It then alerts the user that a ransom must be paid in order to recover the data. The consequences of these attacks can be serious - besides loss of data and financial loss, there are significant costs to productivity, including the resources required to recover a compromised system.
How to prevent and mitigate ransomware attacks:
- Attacks are often perpetrated through emails that appear to be legitimate, but contain attachments or links to vulnerable websites. The best way to prevent an attack is to avoid opening unsolicited attachments or clicking links without inspecting them first. Learn more: http://www.queensu.ca/its/security/EducationAndAwareness/GoldenRules.html
- Back up your important files to a secure location regularly. If your system becomes infected, locally stored data can be lost permanently, in the blink of an eye. When your data is backed up, your hard drive can be wiped and your data will remain safe.
- ITS recommends keeping work-related files on Windows File Service. This ensures that your data is stored on a file system that is redundant and backed up on a daily basis. To date, no local data has ever been recovered on a Queen's PC infected by ransomware, however ITS has been successful in retrieving ransomware-infected files stored on Windows File Service. Learn more: http://www.queensu.ca/its/managedservices/winshare.html
Alternately, you can use QShare, and Microsoft's OneDrive for Business will be made available to Queen's faculty, staff and students in the coming weeks.
- Install antivirus software and keep it up to date. Microsoft System Center Endpoint Protection (SCEP) is available to faculty and staff, and can be downloaded from MyQueen'sU. Learn more: http://queensu.ca/its/software/antivirus/scep.html
- Learn about safe computing practices – an Information Security Awareness course is available on Moodle: https://moodle.queensu.ca/community/course/view.php?id=241
- It is important to note that full drive encryption will not provide protection against the effects of being infected by ransomware.
What to do if your system becomes compromised:
- Stay calm. Do not reply to the attacker or pay the ransom. You will be putting yourself at further risk by disclosing your financial details, and you still might not get your data back.
- Report the incident to the IT Support Centre immediately. You can also get help with identifying suspicious messages. Call 613-533-6666 or fill out the online help form: http://www.queensu.ca/its/helpform
More information:
- Examples of ransomware include Cryptowall, Cryptolocker and CoinVault. You can find more examples documented on Microsoft's website, along with a list of ransomware FAQs: http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
- Publish Date: November 19, 2014 16:29
- Channels:
-
IT Support Centre
- On Campus: ext. 36666
- Off Campus: 613.533.6666
- Online Help Form