Imagine waking up in the morning to find an intruder living in your house, wearing your pajamas, eating out of your refrigerator, using your bank account, and answering the phone pretending to be you every time it rings. Maybe your initial reaction is to keep the situation to yourself because you don’t want to have to explain to anybody where the intruder got the panda onesie from, but you can’t ignore the fact that an intruder is living in your house. You would probably lock yourself in a room and call for help.
This scenario may seem a little extreme but it is identical to the situation you might find yourself in when your computer gets compromised. However, the longer you wait to fix the issue, the more the compromise may spread beyond your computer and your accounts.
The problem won’t go away until you report and clean up the compromise.
If this happens on your personal computer:
If your campus computer is compromised, follow the steps below:
It is essential that all university faculty, staff, and students should immediately report a security incident to improve the overall security environment.
See UM’s Information Security Mandatory Reporting Requirement Policy>>
Would you like to learn more about what you can do to keep yourself and your campus safe? Another resource you have available to you, beyond the required S&T yearly security training, is the Percipio cyber security training modules.
The Federal Bureau Investigation (FBI) Cyber Division warns that Higher Education institutions are getting targeted more frequently by ransomware.
For more information on the increasing threat of ransomware attacks on universities see the EDUCAUSE Review article titled “The Increasing Threat of Ransomware in Higher Educations” here.
Howard University in Washington, D.C is the latest victim of ransomware.
Ransomware is a form of cybercrime where malicious actors gain unauthorized access to an organization’s cyber resources and use that access as leverage to get the organization to pay a ransom. It has become a big problem for many organizations that has a presence is cyberspace, with may organization paying from thousand to millions of dollars to get access back. In recent years ransomware has turned into an industry, with organizations offering services to help mount ransomware attacks against selected targets.
Unauthorized access is normally gained through either malware download by the staff of the organizations, or through vulnerabilities in the software and cyber services the organization uses. Once access is gained, ransomware attacks usually take one of two forms. One form is where the malicious actor locks the organization out of its own network, key cyber resources, or important data files, and asks them to pay to get access back. Another form of ransomware is one where the malicious actor exfiltrates important private data and threatens to disclose the data to the public if the ransom is not paid. For universities, this private data can be student Personally Identifiable Information (PII) protected by the Family Educational Rights and Privacy Act (FERPA), Controlled Unclassified Information (CUI) that is part of important research, or Protected Health Information (PHI) protected by the Health Insurance Portability and Accountability Act (HIPAA).
For more information on Ransomware see the Cybersecurity and Infrastructure Security Agency (CISA) Ransomware 101 page here.
For more information on the attack see the TechCrunch article here, or the official statement from the Howard University Office of University Communications here.