Education & Training

Ransomware attacks have been on the rise for several years. This trend has taken a sharp upturn during the current pandemic, as cybercriminals seek to exploit vulnerabilities exposed by increasing reliance on personal devices and remote access.

Universities are prime targets for several reasons. One of those reasons is the perceived ease of access. Part of our mission and culture is to promote the free exchange of ideas. We want to limit barriers and provide tools to make it as easy as possible for students, faculty and staff to collaborate and share information, while maintaining the appropriate security. Maintaining that security poses unique challenges in a University setting, where an ever-changing group of individuals use a variety of personal devices to access University resources, often via wireless network or remote connection.

Universities are also targeted because they house a wealth of valuable data, including social security numbers, medical records, financial information such as bank account numbers, and intellectual property of significant scientific and commercial value. Universities with medical centers and substantial research programs — like Penn State — are particularly attractive targets.  2020 has seen significant ransomware attacks at a number of major Universities.

Different types of ransomware rely on different tactics to gain leverage for demanding payment.

• The most common tactic is to encrypt files on your device, preventing you from accessing them. A message on your screen then demands that you follow specific instructions for paying a fee (typically using bitcoin) in order to get the decryption key you need to access your files.
• The same tactic can and has been applied to servers at major universities, locking up an entire network, or holding critical data hostage.
• Some ransomware masquerades as anti-virus software or a cleaning tool. It takes the form of a message that indicates that a virus or other issue has been discovered on your computer and insists that you click a link or download software in order to resolve the issue – for a fee, of course. You may be inundated by pop-up warnings or prevented from navigating away from the site to attempt to force you to comply with the demand.
• More aggressive forms of ransomware may lock your computer screen or hijack your operating system altogether, displaying unwanted images, or preventing you from using your computer at all unless you pay the demanded amount of money.
• An increasingly common form of ransomware may threaten to publicize sensitive information found on your hard drive.

The demands may come disguised as an action by a law enforcement agency such as the FBI, indicating that your computer had been blocked because you were caught engaging in illegal online activity, and must pay a fine to unlock your computer.

It may suggest that you or some other process deleted decryption software from your device and advise you to click a link or locate and run a file on your computer in order to decrypt your files. (Don’t do it!)

It may also be accompanied by threats that indicate your files will be deleted, or the encryption key destroyed if you attempt to remove the malicious software or fail to pay the ransom within a certain timeframe.

Like most malicious software, ransomware can be introduced to your device in several ways. Your device may become infected when you do any of the following:

• Click a link in an email that contains malicious code
• Download or open an email attachment that contains malicious code
• Click on an advertisement that contains malicious code
• Download software from an untrustworthy site
• Download legitimate software that has been infected
• Visit a legitimate website to which the malicious software has been introduced – in some cases, even if you don’t click any links on the website. 

Visit Protect your Devices, your Data and your Penn State Account to learn how.

Refer to What to do in case of a Security Incident to learn how to respond.