RVC Learn - General News

Ransomware Advice

 
Picture of Spark Alistair
Ransomware Advice
by Spark Alistair - Monday, 15 May 2017, 9:35 AM
 

In the wake of, a large-scale cyber-attack (ransomware) that has disrupted NHS services across England and Scotland and reports of infections in 99 countries, including Russia and China, you should take extra care when opening email attachments, web links in emails and accessing websites.

Ransomware – a type of malware which ‘locks’ the files on a computer and then demands payment to unlock them – is a growing threat all across the world.

Ransomware attacks are launched via phishing scam email and a successful attack could have a major impact on your data and that of your colleagues.

How do I recognise a Ransomware attack?

The method of infection depends on what ransomware is being distributed, but the most common means of infection are:

  1. Emails with an attachment containing some enticing document. The person will click on the attachment, usually a fake PDF or a Word document, only to find out, it contains harmful content.

  2. Downloading content from the web, it may be advertised as an interesting document, but turns out to be a harmful program.

  3. Drive-by infections via compromised advertising banners. Those ‘ad banners’ you find on web sites, can (and sometimes do) contain malware, including ransomware, so think twice before opening ‘ad banners’ on websites, such as ‘Top 20 cutest dog breeds around the world’, ‘top ten cutest puppies‘ etc.

The anti-virus and anti-malware protection should prevent this sort of thing from happening on the RVC PCs, and it is still essential that you have an up to date anti-virus protection on your personal PC/Mac. Whilst we are taking steps to help prevent infection of this virus, please be vigilant when opening emails and attachments and when downloading files. If you’re not expecting it you should delete it.

Ransomware emails seen at the RVC have had the following subject lines:


  • Invoice

  • Unable to deliver your parcel

  • Purchase order

  • Overdue payment


You should take extra care with emails with these subject lines but also be aware that the attacker could use any subject which might hope to attract your attention.


What can I do to protect myself from Phishing Scams and malware/ransomware?

  1. The data on the RVC’s network drives, such as, O, R, J, G, H, U, V and databases and servers is secure and backed up regularly. If you are saving research/work related data on external USB drives or local drives of your PC/Mac, then please contact helpdesk@rvc.ac.uk to seek advice on best practice.

  2. If you are using a computer at home, ensure that your antivirus package is up to date (and is being regularly updated).

  3. Given that ransomware frequently exploits the weaknesses in older versions of Java and Adobe software, it is important to use the latest versions of these and to update them regularly.

  4. If you find a USB flash drive, DO NOT use it, as it may contain harmful content.

  5. If you believe, your computer is infected, you should disconnect your computer from the power supply immediately and contact helpdesk@rvc.ac.uk or +442074685181.

  6. Do not plug in any USB storage device in an attempt to recover backed up data, as it may infect your backups.

  7. Do not pay the ransom. There’s no guarantee you’ll get your files back if you pay the ransom, and it could make you a target for more malware.

  8. NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RVC IT staff will NEVER ask for your password.

  9. Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call. Do not open attachments in unexpected or suspicious e-mails or instant messages.

  10. Do not click anywhere on the e-mail—even in what may appear to be white space. Delete the e-mail or instant message.