Ransomware

Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid. 

Learn how to protect yourself and how to report suspicious communications containing ransomware.

Backup regularly and keep a recent backup copy encrypted on a separate system.

There are dozens of ways that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Backup and be sure to encrypt your backups. If you are unsure if your system is being regularly backed up, contact IT Client Services (ITCS).

Don’t enable macros in document attachments received via email.

Microsoft deliberately turned off the auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!

To ensure you have disabled macros please see this article: How to disable macros in Microsoft Office

Do not open unsolicited email attachments.

If you are unsure of an email or an attachment, don't open it.

Forward suspicious emails and attachments to consult@berkeley.edu or call 510-664-9000.

Don’t log in as an admin unless it's needed.

Don’t stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents, or other “regular work” activities while you have administrator rights.

Review network file share permissions.

System administrators should review file share permissions for users and groups, using the principle of least privilege. Damage to network file shares (e.g. departmental share) can sometimes be limited using strict permissions.

Stay up-to-date on software patches/updates.

Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Adobe Flash, etc. The sooner you patch, the fewer open holes remain. If you are unsure if your system is being regularly patched,  contact IT Client Services (ITCS).

Learn how to spot suspicious emails by visiting our phishing resources page.

Ransomware is commonly delivered via phishing emails that entice you to click on, download, or open a malicious file attachment. Visit our phishing resources page for tips on how to spot and avoid these attacks.

Source of several tips: Sophos