Information Security: Ransomware


Ransomeware is a term that describes malicious software that attacks a computer and requires payment of a "ransom" to remove the harmful effects of the software.

Spread through e-mail attachments, links in Twitter or Facebook posts and through infected websites (often porn sites) this ransomware has been seen targeting companies through phishing attacks.

This type of ransomware will encrypt users' files using a type of encryption that requires both a public and private key to decrypt the files. It is known as asymmetric encryption.

While conventional anti-malware products can often remove this software they cannot recover encrypted files. Those files will be lost forever.

As with all malware, your best course of action is to understand and follow the basics of safe computing:

  • Never click links in e-mail that come from unknown senders. Be suspicious of any link even when sent from someone you know. Their machine could be infected without their knowledge. When in doubt...delete the e-mail!
  • Back up important files to a network share, removable media or a Cloud service like Google Drive or Dropbox. Don't forget to periodically check that your files are backing up and that you can restore them. An untested backup can be no better than no backup.
  • Be sure you have a quality Anti-Virus product installed on your computer and that it is updated frequently.
  • Be sure you have your operating system's critical updates set to install automatically and check periodically to see that they are current.
  • Stay away from questionable web sites. Often, sites hosting illegal file sharing, pornography, etc. are used to distribute malware. This doesn't mean these are the only sites that can infect your computer so it's important that you remain aware of unusual behavior from your computer and act quickly if you think your machine has become infected.
  • If you are using a Windows operating system, be sure "System Restore" is enabled and functioning on your computer. This can allow a "point in time restore" which can make quick work of fixing an infected Windows computer.

If you think your computer is infected or have questions, please contact the ITS Help Desk at 607-777-6420 or e-mail