Information Security Central - May Edition

The rapid proliferation and damaging impact of the "WannaCry" virus earlier in the month has led to a lot of subsequent discussion about ransomware. But how does that impact you?

What is ransomware?

"Ransomware" refers to any piece of malware that locks you out of your computer or data, demanding some form of payment before allowing you access. Ransomware has been around for a while, but recent examples have been particularly devastating: they can encrypt the entire contents of your hard drive, rendering your files inaccessible without the proper "key." The nastier variants of ransomware are able to jump from computer to computer on a network, and some even attempt to delete your backed-up files to further incentivize you to pay the ransom.

What is encryption?

Let's back up for a second. To understand what makes ransomware so scary, it's important to understand the basics of encryption. You've probably heard of it already, most often as something security experts recommend that you use for your files and internet connection--so it's a good thing, right? Well, that's definitely true, but it can also be used against you.

In short, encryption is a method for locking your files up and requiring a key to access them. Think way, way back to secret messages and decoder rings. At a very basic level, encryption is analogous to that, but the method for breaking the code is infinitely more complex. Without the key, it's practically impossible to recover the contents of the message. In this case, the "message" is the 0s and 1s that make up your files, and the "key" is a very large, semiprime number.

How do I avoid ransomware?

The best way to avoid ransomware is to follow the advice that we give regularly: Never open attachments in suspicious messages, and don't click any links in them either. If you're not sure if a message is legitimate, contact the OIT Help Desk to inquire about it.

In the case of ransomware, it's also very important to make sure that your operating system is patched and up to date and that your antivirus definitions are current. Because viruses are able to look for exploits in networking and OS technology to hop between computers on the network, staying patched helps safeguard your computer against contracting a virus from other infected computers.

What do I do if I am infected with ransomware?

Unfortunately, the answer to this question will vary in each case. In the majority of circumstances, there's a very good chance that you're out of luck--at least for now. The best thing you can do in the short term to mitigate further damage is to take the computer off the network to keep the virus from spreading.

You'll likely have to wipe your hard drive and start over with a fresh install of your operating system--but before you do, make a backup of all of your files if you can, even if they are encrypted and inaccessible. Sometimes security experts are able to find a flaw that they can exploit to recover files encrypted with a particular piece of ransomware, though this may take months or years, or it may never happen.

Most industry experts recommend against paying the ransom to recover your files, because this only serves to create a ransomware economy that benefits scammers. The fewer people who pay the ransom, the less incentive there is to produce ransomware. At the same time, there's no guarantee that paying the ransom will allow you to recover your files. Since the scammers require payment in untraceable bitcoin, they can leave you high and dry as soon as you pay them.

Just play it safe

As always, we recommend that you simply play it safe to avoid ransomware and that you avoid making hasty or panicked decisions if you find out that your computer is infected. If you're on a CMU computer, make sure that you contact the Help Desk or a local technician prior to taking any action. Prevention is best, but barring that, we'll help mitigate further damage as much as possible.