Take action to stop ransomware attacks

Ransomware is the number one cyber threat facing higher education, and these types of attacks against universities doubled between 2019 and 2020, according to BlueVoyant cybersecurity experts. 

In recent weeks in North Carolina, both Central Piedmont Community College in Mecklenburg County and Chatham County Schools were targets of ransomware attacks. An increase in ransomware attacks targeting higher educational institutions, K-12 schools and seminaries prompted the FBI to issue an advisory notice in March.

Cybercriminals use this type of malware to infect your devices by encrypting all of your data files. The most common way that ransomware is deployed is via a phishing email with a malicious link or attachment. Clicking the link or opening the attachment will download the malware from the internet to your device and execute it automatically. The ransomware generally will add the following extensions to encrypted files: .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .peyta. 

When you attempt to open any of the encrypted files, you will see a pop-up message on your screen with instructions to pay the ransom. There is no guarantee that you will receive your data, even if you pay the ransom. Sometimes cybercriminals demand additional payments, delete your data, refuse to provide you the key to regain access, or they refuse to decrypt any of your data at all. 

How to protect yourself against ransomware

Like other cyber attacks, you can take prudent steps to avoid a ransomware attack or to protect yourself after an attack:

  • Back up your important files regularly. When you make backups, consider storing them in two different places — and ensure one location is offline. Prior to installing backup software on your university-assigned device, contact your IT support staff to determine your backup options for work-related files. Note that ultra-sensitive data cannot be stored in Google Drive. Consider using backup software such as Code 42, which has a ransom-recovery feature. Use a trusted backup service provider to store your personal files at home.
  • Exercise caution so you don’t get phished. Do not click on links or attachments in emails if you don’t know the sender. If you happen to know the sender, but the email has obvious errors and raises suspicion, contact the sender directly to ensure the legitimacy of the email. If you believe it is spam, delete it immediately without opening it. Avoid suspicious websites and don’t download applications or programs from untrusted or unknown websites. If in doubt, read reviews from reputable sources about the applications or programs.
  • Make sure your operating system and software are up-to-date. If supported, set your operating system to automatically get updates from your vendor or the university. Keep your software and apps up-to-date, patched and running on the most current version of your operating system.
  • Make sure your antivirus software is up-to-date. It will recognize known threatening sites, downloads and spam — stopping the ransomware before it can install itself onto your device.
  • Disconnect from the internet. Typically, you will know that your system is infected with ransomware when you see a pop-up message on your screen demanding ransom in exchange for a password to access your system or files. If this happens to you, immediately disconnect from the internet and contact your IT support staff for assistance.
  • Seek help immediately. 
    • If the ransomware has infected your university-assigned computer, immediately contact your IT support staff or the NC State Help Desk via the IT Service Portal or call 919.515.4357 (HELP). 
    • If you are a student and need assistance with your personally owned device, visit the NC State Walk-in Center in Room 101 of the West Dunn Building at the corner of Cates Drive and Thurman Drive. 
    • Be careful in your decision to pay. Paying the attackers could flag you as a potential future victim, and there is no guarantee you will regain access to your data. 

For additional information, see: