Ransomware is a malicious program that encrypts files in order to elicit a monetary payment. Game over Zeus, Cryptolocker, and WannaCry are some examples of recent ransomware attacks. While UW-Parkside network tools are powerful they cannot stop 100% of attacks and ransomware attacks.
A common scenario proceeds as follows. A user visits a malicious Web site or clicks an infected file and is presented with the information window that demands a payment via untraceable methods such as bitcoin to decrypt the files. No files can be accessed unless the payment is made. In the meantime, the infection spreads to all files on the user's machine, to files on any connected drives (including external drives that may be used for backups), and to files of other users on the same network.
While some individuals have succeeded in getting their files decrypted after paying, that is not guaranteed. The payment may also encourage further attacks and advancement of ransomware. State funds may not be used to make ransom payments. If you encounter ransomware on your computer, notify a CTS by following our guidelines on How to Report a Cyber Incident. The sooner the problem is identified, the greater the chance of recovering the data from older backups. Some data loss may still occur.
The best protection is prevention. Exercise good judgment about clicking attachments or visiting unfamiliar Web sites. Sometimes it may be possible to avoid infection by not clicking the ransom window and instead rebooting immediately. If you do encounter ransomware, please notify CTS immediately.