Ransomware

Ransomware is becoming one of the most widely known types of cyber attacks today. It is malware that uses asymmetric encryption, that is, cryptography that uses a pair of keys to encrypt and decrypt a file. This encryption is used to block access to the victim’s data and hold that data for ransom. The attacker tells the victim that the private key will be made available to them only after a ransom is paid. Typically the victim is told via the ransomware that they have a specific amount of time, usually 24 to 48 hours, to pay the ransom. If the ransom is not paid by the deadline, the encrypted data will be gone forever.

Key things to remember with ransomware:

  1. The attacker is going to use threats to scare you into paying the ransom.
  2. The attacker may say that they will expose certain online activity if you don’t pay.
  3. The attacker will almost always say that they have encrypted all your files and that you must pay the ransom in order to get the private key to decrypt, or unlock, the files.
  4. Do NOT believe that if you pay the ransom you will get your files back.
    • The attacker does not care if you get anything back, so you may be able to decrypt and recover only some of your files.
    • You may not get any of your files back.
  5. If you want to have all your files, in the same condition they were in when you were last able to access them, BACK UP YOUR (i.e., the Institute’s) DATA.
    • Remember that if you back up your data regularly, you will not have to worry about paying a ransom!
    • More than one backup is a great thing!
    • Store your backup(s) in a completely different location from the computer that stores the files, and lock any external hard drive or flash drive in a cabinet that no one else can access.
      1. Store in a separate building, in case of natural disaster, fire, environmental issues, terrorism, theft, etc.
      2. Store in the cloud using OneDrive for Business or UT’s Google Drive, but maintain another backup to be safe.
        • OneDrive and Google Drive are UT’s recognized, supported, and approved cloud solutions.
        • These two cloud solutions are certified for HIPAA, FERPA, and other compliance-related data.
        • These two cloud solutions are responsible for backing up data stored in their cloud space, but their backup processes may vary and they only store data for up to 30 days, so anything older than 30 days will be gone.
        • Do NOT use Dropbox as your storage and/or backup solution, as the Institute does not approve or support its use.
      3. Never leave an external hard drive or flash drive used for backups attached to the computer it is backing up, as any ransomware on the computer will be synced to the external drive and will encrypt the external drive as well.
      4. Password-protect the external drive(s) used for the backup so no one else can access it.
  6. Don’t think it won’t happen here: agriculture is a top-five sector for targeting.

So remember that ransomware is a dangerous threat and it is always evolving, like any threat. If you have questions about backing up the Institute’s data, do not hesitate to contact me.