CaTS | Information Technology

IT Security Update: September 2018

Ransomware

Ransomware has been in the news quite a bit lately. Reports about hospitals having to pay a 'ransom' to unlock encrypted files have made the news several times over the past year.

What is Ransomware?

Ransomware is malicious software that is typically delivered via an email phishing scam. For example, an infected file attached to an email can install a program that encrypts documents without the user knowing. These small programs also look for any attached USB and network drives (such as our H, K, and R drives) to encrypt documents and backups on those drives. Once encrypted, the documents are no longer usable without a key to decrypt them.

Where Does 'Ransom' Come In?

For a price, the 'bad guys' will provide you with the key to decrypt your documents. They usually want payment through a non-traceable method, such as electronic currencies like Bitcoin.

How is CaTS Protecting the University Against Ransomware?

The first line of defense is an email protection system that blocks malicious files from reaching your inbox. This solution blocks the majority of ransomware threats, but it is not 100% effective because many variants are created on a daily basis.

The second line of defense is the antivirus/antimalware program installed on the local computer. Since many individuals on campus don't use our network storage, this protection becomes very important in keeping documents safe from ransomware. To that end, CaTS is deploying SentinelOne, a next-generation antivirus/antimalware program that is not only signature-based but also uses machine learning and behavior-based analysis to detect malicious software. Additionally, SentinelOne protects locally stored documents by creating a protected backup that can be used to restore those documents.

CaTS will be contacting individual departments to arrange installation of SentinelOne on a department-by-department basis.

As a last line of defense, documents stored on our network storage (H, K, and R drives) can be restored from backups that are performed every night. These backups are not accessible from your computer; therefore, the ransomware cannot encrypt them.

Questions?

If you've fallen victim to ransomware, shut down your machine and call the CaTS Help Desk immediately. If you have any questions, call us at (937) 775-4827, or email helpdesk@wright.edu.