Ransomware…. the term itself sounds daunting and it probably makes you think of ransom - a situation in which something/someone is held hostage until a demanded payment is obtained. Well, you aren’t wrong!
What is Ransomware?
Ransomware is a type of malware that may block users from accessing their system and personal files, or threaten to publish sensitive data, which the criminal uses as leverage for demanding a ransom payment. The victim is usually provided instructions for how to pay the requested ransom with promises to restore access upon payment.
Facts & Figures
- According to PurpleSec, the estimated cost of ransomware attacks in 2019 was $11.5 billion, and attacks in 2020 are projected to cost near $20 billion!
- In 2019 ransomware from phishing emails increased 109% over 2017 and some 68,000 new ransomware Trojans for mobile were detected in 2019.
- 61% of reported cyber-attacks against education organizations in 2019 were ransomware.
- It’s estimated that a business will fall victim to a ransomware attack every 14 seconds.
Who is Targeted?
When it comes to selecting victims, it could be as simple as an attacker casting a large net, sending malicious messages to any number of our users at random, or it could be a targeted attack focused specifically on high-level employees or employees from departments that are likely to have access to sensitive information.
And, while any potential ransomware attacks at BGSU have been minimal or mitigated, universities including Michigan State University, the University of California, San Francisco and Columbia College, Chicago, have not been so lucky.
Most ransomware attempts are initiated via email, in the form of phishing message. The messages appear to originate for someone/someplace they trust and entice the users to click on a link or download an attachment. Once opened, the criminals can access the user's computer or personal data.
Protect Yourself & the University
We advise users to adopt the following security habits to help avoid falling victim to ransomware attacks:
If the data is not needed, delete it.
If the data IS needed, ensure that is used or stored in a secure manner. You can contact the BGSU Information Security Office at firstname.lastname@example.org to discuss the best method for protecting your data.
DO NOT access restricted data on a personal device.
If you have administrator rights to your University device, use them only when needed. This level of access is not necessary and should not be used during normal computer use.