Ransomware targets everyone … but you don’t have to be everyone

Related topic: An FBI agent will discuss cybersecurity at a free lunch talk on campus from noon to 1 p.m. 10/26 in TC 3. See details.

“Ransomware” is malicious code that hackers install on your computer to encrypt and lock up your files. Then they tell you to send them money if you want your data back.

The volume of attacks has risen sharply, and although anyone can be a victim, education is a top target. But you can take some fairly simple steps to protect yourself.

Ransomware can target documents (Word, Excel, PowerPoint, PDF, etc.), pictures, and configuration files that your computer needs to function. The infection can extend to anything connected to the computer.

Millions of infections

This kind of malware first appeared about six years ago, but the number of attacks surged by 172 percent in the first half of 2016 compared to a year earlier, writes UC Davis Information Security Analyst Wayne Fischer in a recent post on the UC IT blog. The most likely reason is the payoff that ransomware generates for hackers.

“So many people pay the $250–$350 fee to regain access to their files, especially if they do not have a viable backup or don’t have time to recreate or restore the data,” Fischer says. An estimated 1 percent of infected victims pay the ransom. With millions of infections, he says, “this is a lot of instant money.”

Even if you pay, of course, hackers might attack you again.

What to do about it

So what do you do? Fischer summarizes nine best practices, including regular backups of your files, timely patching, and using good anti-virus and anti-malware programs. Follow all nine, and you should be in good shape.

“The best practice is to back up your important files and store these off-site or disconnected from your active computer,” he writes. “Follow this one rule if you do nothing else, and ransomware won’t ruin your day, or your data.”

He also offers advice about how to respond if you are infected. “Don’t panic or rush to pay,” he writes. “Help is often available.”

October is National Cybersecurity Awareness Month. For more cybersecurity resources, please see the UC’s Cyber Security Awareness website.