FAQ

What do I do to protect against Ransomware?

Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.

US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:

Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware;...

What is the possible impact of Ransomware?

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the...

How does a computer become infected with Ransomware?

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited...

Why is Ransomware so effective?

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users’ systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:

“Your computer has been infected with a virus. Click here to resolve the issue.”

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

“All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

What is Ransomware?

Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency,...

How do I get approval to examine or disclose electronic communications records?

Authorization to access electronic communications, with or without consent, is coordinated through the Campus Privacy Officer, Office of Ethics, Risk and Compliance Services:

Authorization to Access Electronic Communications

Can I access a former employee's email or files?

Access to former employee email or files is coordinated through the Campus Privacy Officer, Office of Ethics, Risk and Compliance Services:

Accessing Former Employee Email or Files

How do I run a credentialed Nessus scan of a Windows computer?

Credentialed scans are scans in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that cannot be seen from the network. Examples of the sorts of checks that a credentialed scan can do include checks to see if the system is running insecure versions of Adobe Acrobat or Java or if there are poor security permissions governing a service. The Information Security Office (ISO) runs Nessus scanners that are capable of running these credentialed scans; however, without accounts on the local machines, we...

Why did I get a Credential Exposure notice and what should I do?

Did you receive an email from security@berkeley.edu with Credential Exposure in the Subject line?

Please see our Respond to a Security Notice page for detailed information and instructions on how to respond.

Why did I get a Vulnerability Detected notice and what should I do?

Did you receive an email from security@berkeley.edu with Vulnerability Detected in the Subject line?

Please see our Respond to a Security Notice page for detailed information and instructions on how to respond.