Wat is Ransomware?
Ransomware is malicious software that is used as a means of online blackmail. It is used to disrupt computer systems, collect sensitive data or get access to private computer systems. Ransomware is software that blocks access to a computer and/or the data on it and requests money from the user to be able to ‘release’ the computer. The Dutch government warns that paying doesn’t necessarily lead to decryption of the computer.
My computer shows a message telling me that my files are encrypted and will only be decrypted after having made a payment. What should I do?
It’s important to stop the encryption process as soon as possible, as well as prevent further spreading of the ransomware by switching off the pc and unplug it from the network.
What happens if I do (not) pay?
It is recommended not to pay. In almost all instances you will not get your files back or receive a decryption key after paying.
How will I get my files back?
Contact the ICT Servicedesk (LISA). In some cases your hard drive can be removed from your system and files that have not yet been encrypted can be saved.
This situation underlines yet again the importance of making back-ups.
Usually back-ups are available for files saved on network drives.
How can I prevent infection by ransomware?
Always use a good anti-virus program and firewall. Make sure that these are always active and up-to-date. These settings in the programs are switched on by default.
Make sure that your operating system, such as Windows or MacOS, and programs are always upgraded to the latest version. Crypto viruses like to use security leaks in software.
Never simply open attachments in emails if you don’t know what they are and do not click on unfamiliar links in emails, or on links and banners on dubious websites. Check the link that has been added to the email.
Download and use software from trusted providers only. Be extra careful with software from software collection websites or software downloaded through torrents.
Regularly back up your files on an external data storage device or in the cloud. Detach this storage device after having made the back-up, because otherwise this it could also be infected by a crypto virus.
Check the sender of the e-mail.
Never give out any personal or sensitive/ confidential data.
When in doubt, contact the sender of the e-mail.
For more advice contact the LISA ICT Servicedesk.
Does using an (extra) anti-virus program help?
Yes, but only if the anti-virus program is up-to-date.
Even though encrypted files cannot be recovered, the anti-virus program can usually remove known ransomware.
How can I prevent malicious people from getting access to my pc?
Malicious people gain access to your pc by getting you to execute/install a program that opens up this opportunity for them. Try to recognize this type of programs and do not take any risk by not running a program like that.
Malicious people can also gain access to a computer through a “leak” in the operating system, and run a program when the computer is connected to a network. Make sure to repair this “leak” by installing the latest updates.
Use an up-to-date anti-virus program and a properly set up firewall.
How can I check if my computer has installed the latest updates?
In the settings of your operating system you can check the update status under “updates & Security”.
What should I do if my old operating system is no longer supported by Microsoft?
During the last global attack it turned out that Microsoft PCs that were affected were missing a specific update (patch MS17-010).
For operating systems supported by Microsoft this patch has been included in the updates. Because of the importance of this patch Microsoft has decided to release it for operating systems that are no longer supported as well. Check the Microsoft website to download this patch for your old operating system. You can also ask the LISA ICT Servicedesk for help.