Ransomware (e.g. Locky, Cryptolocker) hit the security news headlines recently (e.g. a hospital’s business was serious affected in February 2016). Ransomware is malicious software which encrypts files until a ransom is paid, and in some cases, normal use of the infected computers cannot be resumed even a ransom is paid. After being attacked, the ransomware can encrypt files and folders, lock the computer screen or interrupt the normal startup process of the PCs. Ransomware typically propagates in the form of a Trojan horse which enters a computer through a downloaded file, emails with malicious attachments, malicious website, or network vulnerability e.g. via Advanced Persistent Threat (APT).
According to the newsletter of BBC, there were almost 19 million copies of ransomware emails caught by a security firm in late February to early March 2016. For the case of Hong Kong, 15 ransomware related incidents were received on 16-18 March 2016 according to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). There may be more unreported cases.
University members are reminded to stay alert of ransomware. The following preventive steps are recommended:
- Regularly backup your PC data and keep a recent backup copy off-line (this also helps in case your PC or mobile device cannot be used suddenly e.g. due to hardware failure).
- Delete any suspicious emails received and do not open them.
- Do not run any suspicious files.
- Do not enable macros in document attachments received via email.
- Be cautious of unsolicited attachments.
- Do not visit suspicious websites.
- Ensure anti-virus software is installed on your PCs and keep it up-to-date with the latest virus signature.
- Keep the operating systems of your PCs up-to-date.
- Limit the privilege and access right of shared network drives by a small group of people who have genuine needs in accessing the shared drive.
For more information about ransomware, you can refer to our FAQ page at http://www.its.hku.hk/faq/infosec/awareness/ransomware. In case you have any questions on the above, please feel free to contact our Service Desk Team at email@example.com or 3917 0123.
Information Security Team
Tel: 3917 5952