Skip to main content
  • Home
  • About
  • Faculty Experts
  • For The Media
  • Videos
  • Topics
    • Alumni
    • Events
    • Faculty
    • Library
    • Research
    • Students
    • All Topics
  • Contact
  • Submit
Campus & Community
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • |
  • Alumni
  • The Peel
  • Athletics
Sections
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • |
  • Alumni
  • The Peel
  • Athletics
  • Home
  • About
  • Faculty Experts
  • For The Media
  • Videos
  • Topics
    • Alumni
    • Events
    • Faculty
    • Library
    • Research
    • Students
    • All Topics
  • Contact
  • Submit
Campus & Community

Protect Yourself! Ransomware Is on the Rise

Thursday, April 28, 2016, By Christopher C. Finkle
Share

Syracuse University is experiencing increasing ransomware attacks, in which criminals send email to disseminate malware that encrypts and locks down computers, and then demand the owners pay a ransom to get their data and machines back. We’re not alone. In one case last year, a California hospital suffered a ransomware attack and paid a $17,000 ransom to get its files back.

Ransom demand graphicThis March during spring break, hundreds of Portland State University students received an email containing a virus. Several fell victim to this ransomware attack. At least one student’s computer was held hostage and locked down by the attack. His dissertation was out of reach, and he had no backup, so he paid a $600 ransom to rescue his files. Even police departments are ransomware targets.

A report from McAfee Labs predicts the number of ransomware attacks like these will increase in 2016, after almost tripling between 2013 and 2015. The FBI estimates that ransomware will be a billion-dollar business in 2016. The Beazley Breach Insights 2016 report says that colleges and universities are experiencing increased “spear phishing” incidents targeting students, faculty and staff with personalized, legitimate-looking emails with harmful links or attachments. “The relatively open nature of campus IT systems, widespread use of social media by students and a lack of the restrictive controls common in many corporate settings make higher education institutions particularly vulnerable to data breaches,” says the report.

Members of the SU community who follow good security practices are the best defense against ransomware and other threats. In addition, computers that are connected to Active Directory (AD) have the full suite of protections afforded by Information Technology Services (ITS) and have thus far been unaffected. However, there have been infections on systems not connected to AD where SU employees have lost important data.

How to defend yourself and the University

The most effective way to protect your data is to perform regular backups of all critical files to secure storage separate from your computer. In addition to your local drives, keep current copies of all your important documents on your University network drives. Depending on your affiliation, device and software your network drive is labeled:

  • Students: Documents; My Documents; homedir; Home Directory; or H:
  • Faculty and Staff: Documents; My Documents; homedir; Home Directory; H: or G:

Using your network drive(s) protects your data if your computer and local drives are infected. Even if the ransomware reaches across the network to encrypt files, ITS’s backup strategy for your files stored on the network will allow you to recover any data on G: and H: that was encrypted and locked. But ITS will NOT be able to recover maliciously encrypted data that is stored locally on your computer or external storage devices connected to your computer.

When you’re off campus, there are two ways you can connect to your network drive, DatAnywhere and the Syracuse University Remote Access (SURA) tool:

  • Students can download DatAnywhere to their computers, phones and tablets and keep their files at their fingertips and synced across all their devices. See the DatAnywhere for Students page at Answers.syr.edu.
  • Students can also download SURA to their Windows computer and connect to their network drive. See the SURA web page for more information.
  • Faculty and staff can connect remotely via SURA, which automatically configures a Windows personal computer to connect securely to University resources via a Virtual Private Network (VPN). They may also be able to use DatAnywhere under some circumstances. Contact your local IT support staff to discuss your options.

Equally important is to follow basic information security practices diligently :

  • Run up-to-date security and antivirus (AV) software on your devices. AV that’s out of date is no better than no AV at all.
  • Keep your system patched and your software updated to minimize the chances that bad guys can leverage software vulnerabilities to install malware.
  • Don’t run your computer as an administrative user.
  • Don’t click on links you’re not sure of, or download files, music, photos, documents or software from unknown sites.
  • Beware of phishing
    • Be suspicious of any email from senders you don’t know or that seems out of character for the sender. Make sure that the sender is actually who they appear to be before clicking on any links.
    • Verify the URL of any link before you click it by hovering your cursor over the link and examining the URL. If you don’t recognize the URL, don’t click it.
    • Never open attachments unless they are from someone you know, or you are expecting them.
    • Delete any suspicious emails, before opening them if possible.
  • Back up your data offline. For your University work, take the extra step to use your H: and G: drives frequently. They are backed up every night and can be recovered. Online backup services like iCloud, OneDrive and Google Drive don’t always offer a recovery mechanism and while generally acceptable for your personal data, they are not for University Data.
  • External hard drives used to back up your data may not be sufficient as some ransomware will encrypt them along with the computer to which they are connected.

How to know if you’ve been infected

  • Typically the ransomware will tell you. All you’ll see on your computer screen will be a window with instructions on how to pay the ransom.
  • You won’t be able to access your data, and probably won’t be able to use the computer.

What to do if your device has been infected

  • Do not pay the ransom!Criminals may or may not provide the encryption key that will allow you to access your data.
  • Immediately shut down your computer. Do not reconnect any offline drives or network shares until you’ve removed the ransomware by erasing your computer and reinstalling software.
  • All your hard drives will need to be erased, and your operating system and software applications re-installed on your computer:
    • If you’re on the University faculty or staff, or if it’s a computer owned by Syracuse University, contact your IT support team.
    • If you’re a student, bring your computer, and external hard drives or USBs that were connected when you got the message; the computer’s power cord; and all your operating system and application software media (DVDs, USBs, CDs); and passwords to the ITS Service Center during regular business hours. The Service Center is located just off the Milton Atrium through the double glass doors in room 1-227 in the Center for Science and Technology.
  • After your computer and any external drives have been erased and restored, recover your data from your offline backups.

Questions? Need help?

If you have any questions or need assistance, please do not hesitate to contact your local IT support team (if you’re SU faculty or staff) or the ITS Service Center (if you’re a student) at 315-443-2677 or help@syr.edu.

 

  • Author

Christopher C. Finkle

  • Recent
  • Action Required: Review and Commit to the Stay Safe Pledge
    Thursday, January 21, 2021, By News Staff
  • Future of News Production the Focus of NSF Planning Grant
    Thursday, January 21, 2021, By Wendy S. Loughlin
  • College of Law Adds Vincent H. Cohen ’92, L’95 to Board of Advisors
    Wednesday, January 20, 2021, By Martin Walls
  • Students Invited to Network and Skill-Build with Alumni
    Wednesday, January 20, 2021, By Gabrielle Lake
  • ‘Confronting ‘Who We Are”
    Tuesday, January 19, 2021, By News Staff

More In Campus & Community

Action Required: Review and Commit to the Stay Safe Pledge

Dear Students and Families: As you prepare for your return to campus, I want to remind you of the critical role each of us plays in protecting the health and well-being of our campus. Our individual actions impact our broader…

Students Invited to Network and Skill-Build with Alumni

Aligning with professional development journeys and supporting students as they navigate their career trajectory past graduation is a dedicated team that encompasses Career Services, faculty, staff and alumni. Unwavering and alongside the Orange community this team has worked to continue…

University College Announces Online Degree in Computer Programming

University College announces a new online bachelor of professional studies program (BPS) in computer programming. The program was developed in response to employers seeking graduates who have the skills to meet the demands of the rapidly changing field of technology….

Stadium Testing Center Closed for Planned Enhancements Wednesday, Jan. 20

Dear Members of the Syracuse University Community: Thank you for your ongoing participation in frequent COVID-19 testing. We want you to be aware, that due to previously planned enhancements at the Stadium Testing Center, the center will be closed on…

Important Information Regarding Proof of Eligibility for and Access to the COVID Vaccine

Dear Faculty, Instructors and Graduate Teaching Assistants: We are writing to provide you new information from the Onondaga County Health Department related to the COVID-19 vaccination distribution process. Eligibility Reminder At this time, per the New York State Department of…

Subscribe to SU Today

If you need help with your subscription, contact sunews@syr.edu.

Connect With Us

  • Twitter
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
Social Media Directory

For the Media

Find an Expert Follow @SyracuseUNews
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • @SyracuseU
  • @SyracuseUNews
  • @SUCampus
  • Social Media Directory
  • Accessibility
  • Privacy
  • Campus Status
  • Syracuse.edu
© 2021 Syracuse University News. All Rights Reserved.