Education & Training
Office of Information Security
Universities are one of the most common targets of this form of malicious software. Learn what it is, how to protect yourself, and what to do if your device is infected.
WHAT IS RANSOMWARE?
Have you ever been locked out of your own house? If so, chances are you inadvertently did it to yourself. Imagine being locked out on purpose, by a criminal who refuses to let you back into your own house – even threatens to burn it down – unless you pay a ransom. Now imagine that it’s not your house he holds hostage, but rather the files on your computer. That’s ransomware in a nutshell.
Purpose of extortion
Like viruses and spyware, ransomware is a form of malware – malicious software that allows an attacker to gain unauthorized access to the files on your computer, smartphone, or other internet-connected device.
What distinguishes ransomware from other types of malware is its purpose. Ransomware allows the attacker to take control of files on a device, a server, or an entire network for the specific purpose of extorting money from an individual or organization.
Why should I be concerned?
Ransomware attacks have been on the rise for several years. This trend has taken a sharp upturn during the current pandemic, as cybercriminals seek to exploit vulnerabilities exposed by increasing reliance on personal devices and remote access.
Universities are prime targets for several reasons. One of those reasons is the perceived ease of access. Part of our mission and culture is to promote the free exchange of ideas. We want to limit barriers and provide tools to make it as easy as possible for students, faculty and staff to collaborate and share information, while maintaining the appropriate security. Maintaining that security poses unique challenges in a University setting, where an ever-changing group of individuals use a variety of personal devices to access University resources, often via wireless network or remote connection.
Universities are also targeted because they house a wealth of valuable data, including social security numbers, medical records, financial information such as bank account numbers, and intellectual property of significant scientific and commercial value. Universities with medical centers and substantial research programs — like Penn State — are particularly attractive targets. 2020 has seen significant ransomware attacks at a number of major Universities.
How does ransomware work?
Different types of ransomware rely on different tactics to gain leverage for demanding payment.
- The most common tactic is to encrypt files on your device, preventing you from accessing them. A message on your screen then demands that you follow specific instructions for paying a fee (typically using bitcoin) in order to get the decryption key you need to access your files.
- The same tactic can be, and has been, applied to servers at major universities, locking up an entire network or holding critical data hostage.
- Some ransomware masquerades as anti-virus software or a cleaning tool. It takes the form of a message that indicates that a virus or other issue has been discovered on your computer and insists that you click a link or download software in order to resolve the issue – for a fee, of course. You may be inundated by pop-up warnings or prevented from navigating away from the site in an attempt to force you to comply with the demand.
- More aggressive forms of ransomware may lock your computer screen or hijack your operating system altogether, displaying unwanted images, or preventing you from using your computer at all unless you pay the demanded amount of money.
- An increasingly common form of ransomware may threaten to publicize sensitive information found on your hard drive.
The demands may come disguised as an action by a law enforcement agency such as the FBI, indicating that your computer has been blocked because you were caught engaging in illegal online activity, and that you must pay a fine to unlock it.
It may suggest that you or some other process deleted decryption software from your device and advise you to click a link or locate and run a file on your computer in order to decrypt your files. (Don’t do it!)
It may also be accompanied by threats that indicate your files will be deleted, or the encryption key destroyed if you attempt to remove the malicious software or fail to pay the ransom within a certain timeframe.
How might I get infected?
Like most malicious software, ransomware can be introduced to your device in several ways. Your device may become infected when you do any of the following:
- Click a link in an email that contains malicious code
- Download or open an email attachment that contains malicious code
- Click on an advertisement that contains malicious code
- Download software from an untrustworthy site
- Download legitimate software that has been infected
- Visit a legitimate website to which the malicious software has been introduced – in some cases, even if you don’t click any links on the website.
What can I do to protect myself from ransomware?
Visit Protect your Devices, your Data and your Penn State Account to learn how.
What should I do if I'm the victim of an attack?
Refer to What to do in case of a Security Incident to learn how to respond.