Campus Awareness of Ransomware Risks

With the approaching holidays, the Office of Technology Services (OTS) wants to make you aware of the rising risk of ransomware incidents and the increasing size of ransom demands.

Ransomware is a type of malicious software (“malware”) designed to lock screens and/or encrypt files and deny access to a computer system or data until a ransom is paid. In 2019 the average ransom payment was $41,000; this year it is $234,000, a 470% increase. This damaging cyber-extortion event can also have critical consequences that leave organizations without the data needed to operate.

The Cybersecurity and Infrastructure and Security Agency (CISA) warns that ransomware has become more destructive and impactful in both nature and scope, affecting entire networks, deleting systems backups, and damaging servers, which makes restoration and recovery even more difficult. Instances of ransomware, the duration of which are also increasing, negatively impact not only an organization’s operation and finances, but its reputation.

How can YOU avoid becoming the target of a ransomware or other cybersecurity event?

Phishing Emails

  • Do not click on links from emails with an “[Ext]” designation in the subject line unless you are 100% confident that it is a legitimate email.
  • Do not enter your IIT (or any) credentials in response to an [Ext]-designated email. If it is absolutely necessary, access that organization’s website without using the link in the email to perform your task.
  • Do not open an attachment in an [Ext]-designated email unless you are 100% confident that it is a legitimate email.

Your Remote Desktop (RDP) IF You Don’t Access It through the VPN

  • If you are using your remote desktop to work remotely, you must access it through Illinois Tech’s VPN. OTS will enforce this following the January 8, 2021 Maintenance Window.
  • To learn how to access IIT’s Virtual Private Network (VPN), please click here. The VPN is a secure, encrypted Internet connection through which you can establish a safer connection to the university’s systems and your desktop, which may contain sensitive data.

“Drive-By Downloads”

  • A “drive-by” download is a type of cyberattack wherein a computer becomes infected with malicious software just by visiting a website, without your stopping or clicking anywhere on the infected page. When a user visits an infected page, the browser will automatically load the malicious code, which will then scan the user’s computer for security vulnerabilities in operating systems and other applications.
  • To help prevent this:
    • Update your software quickly and consistently or, alternatively, (re)configure your settings for auto-updates;
    • Update your browsers, browser plug-ins, and operating systems;
    • Remove unnecessary software and add-ons; and
    • Don’t download applications from the Internet that are not work-related.
  • Please be aware that cybercriminals can take advantage of vulnerabilities in legitimate websites or redirect you to another realistic-looking website that they control, leveraging these to implant malicious content on a site.

If you think you may be a victim of a cybersecurity attack, please:

  1. Disconnect the network cable and/or turn off the wireless device to prevent the device from communicating with the attacker and/or infecting other users. DO NOT TURN OFF THE POWER.
  2. Call the Support Desk at 312-567-3375 (on campus x7DESK) (at Conviser Law Center, call the ITS Help Desk at 312-906-5300 (on campus x65300) and let them know what you have observed, the actions you have taken, and where the device is located.
  3. As soon as possible from another device, not the one you were using when you first suspected a cyberattack, change your myIIT password. For information on minimum Illinois Tech password standards and tips on how to create a strong password, please click here.

Please do your part to help protect the university and remain alert!