Computers are constantly attacked by viruses, spam, etc. The users are constantly attacked by spam, phishing mail and sites. To be protected against this, LISA provides IT security service. LISA offers support in the field of 'incident response'. Incidents can be reported to the Computer Emergency Response Team - University of Twente (CERT-UT). LISA provides advice in the field of computer security and offers support to project managers to ensure that projects yield safe results. LISA employs a Responsible Disclosure policy for reporting and tracking vulnerabilities in systems and applications used by the University. In addition, LISA deploys tools and resources to optimize the security of the university.
Reports will be dealt with as soon as possible.
For support and information, use the Cyber safety website.
Manuals & Links
What is Ransomware?
Ransomware is malicious software that is used as a means of online blackmail. It is used to disrupt computer systems, collect sensitive data or get access to private computer systems. Ransomware is software that blocks access to a computer and/or the data on it and requests money from the user to be able to ‘release’ the computer. The Dutch government warns that paying doesn’t necessarily lead to decryption of the computer.
(source: Wikipedia)Was this information useful?Thank you for your feedback
My computer shows a message telling me that my files are encrypted and will only be decrypted after having made a payment. What should I do?
It’s important to stop the encryption process as soon as possible, as well as prevent further spreading of the ransomware by switching off the pc and unplug it from the network.Was this information useful?Thank you for your feedback
What happens if I do (not) pay?
It is recommended not to pay. In almost all instances you will not get your files back or receive a decryption key after paying.Was this information useful?Thank you for your feedback
How will I get my files back?
Contact the ICT Servicedesk (LISA). In some cases your hard drive can be removed from your system and files that have not yet been encrypted can be saved.
This situation underlines yet again the importance of making back-ups.
Usually back-ups are available for files saved on network drives.Was this information useful?Thank you for your feedback
How can I prevent infection by ransomware?
Was this information useful?Thank you for your feedback
- Always use a good anti-virus program and firewall. Make sure that these are always active and up-to-date. These settings in the programs are switched on by default.
- Make sure that your operating system, such as Windows or MacOS, and programs are always upgraded to the latest version. Crypto viruses like to use security leaks in software.
- Never simply open attachments in emails if you don’t know what they are and do not click on unfamiliar links in emails, or on links and banners on dubious websites. Check the link that has been added to the email.
- Download and use software from trusted providers only. Be extra careful with software from software collection websites or software downloaded through torrents.
- Regularly back up your files on an external data storage device or in the cloud. Detach this storage device after having made the back-up, because otherwise this it could also be infected by a crypto virus.
- Check the sender of the e-mail.
- Never give out any personal or sensitive/ confidential data.
- When in doubt, contact the sender of the e-mail.
- For more advice contact the LISA ICT Servicedesk.
Does using an (extra) anti-virus program help?
Yes, but only if the anti-virus program is up-to-date.
Even though encrypted files cannot be recovered, the anti-virus program can usually remove known ransomware.Was this information useful?Thank you for your feedback
How can I prevent malicious people from getting access to my pc?
Malicious people gain access to your pc by getting you to execute/install a program that opens up this opportunity for them. Try to recognize this type of programs and do not take any risk by not running a program like that.
Malicious people can also gain access to a computer through a “leak” in the operating system, and run a program when the computer is connected to a network. Make sure to repair this “leak” by installing the latest updates.
Use an up-to-date anti-virus program and a properly set up firewall.Was this information useful?Thank you for your feedback
How can I check if my computer has installed the latest updates?
In the settings of your operating system you can check the update status under “updates & Security”.Was this information useful?Thank you for your feedback
What should I do if my old operating system is no longer supported by Microsoft?
During the last global attack it turned out that Microsoft PCs that were affected were missing a specific update (patch MS17-010).
For operating systems supported by Microsoft this patch has been included in the updates. Because of the importance of this patch Microsoft has decided to release it for operating systems that are no longer supported as well. Check the Microsoft website to download this patch for your old operating system. You can also ask the LISA ICT Servicedesk for help.Was this information useful?Thank you for your feedback