What is Ransomware?

Ransomware is malicious software that encrypts your files. The attackers will ask for "ransom" or fee before providing a decryption key allowing you to regain access to your files.It is often not possible to recover this encrypted data any other way. We are continuing to see ransomware attacks and expect their frequency to increase.

How can I get infected with Ransomware?

Ransomware is usually installed on a computer from a phishing email, a pop-up, or malicious advertising. A phishing email will have malicious attachments or links to malicious websites.  Antivirus may or may not detect a malicious attachment, so it’s important for you to be vigilant. You might see a pop-up telling you your computer is infected and asking you to click for a free scan. Clicking the link will install ransomware. Malicious advertising on otherwise legitimate websites can also contain ransomware links if clicked. 


Once one device is infected with ransomware, it can spread to connected network shares and drives. 

How can I protect myself against Ransomware?

There are two main ways to protect yourself against ransomware:

  1. PreparationBACK UP YOUR INFORMATION REGULARLY. Once a ransomware infection occurs, it’s often too late to recover the encrypted information. Your research project or other important information may be lost permanently. For more information on backups, visit https://www.rit.edu/security/content/backing-your-data.
  2. Identification. Learn to identify phishing emails and malicious pop-ups. 

Additional Ways to Prepare

  • Keep your system (and mobile devices) up to date with patches. If you’re prompted by your computer or mobile device to install updates, accept them at your earliest convenience.
  • Don’t do day-to-day work using an administrator account. A successful ransomware attack will have the same permissions that you have when working. If you’re not using an account with administrator privileges, the initial attack may be foiled.

What do I do if I think I’m infected?

  • Report the ransomware attack to your service desk immediately.
  • Isolate or shut down the infected computer. (If you’re on Wi-Fi, turn off the Wi-Fi. If you’re plugged into the network, unplug the computer. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.)