However, IT departments have learned to counter these attacks by backing up their data on to data backup servers. In the event one or more computers is infected with ransomware, they can simply destroy the infected hard drives and install a new one with the latest data backups. In the end, the data is saved and the user does not have to pay the ransom.
Unfortunately, this is no longer the case as cyber attackers have ramped up their tactics to counter the data backup hurdle. We are now seeing that once they encrypt the files and set the ransom, they then threaten to publicly disclose the sensitive data if the ransom is not paid. The victim(s) will need to pay the ransom in order to prevent the compromised data from being disclosed even if the hard drives are replaced. To make things worse, even after the ransom is paid there is no guaranty the attacker(s) will keep to their end of the bargain.
For an example of this emerging ransomware trend, please see University of Utah Pays Ransom to Avoid Data Disclosure.
So what can we do to stay safe online? There are a few simple ways that we can continue to protect our sensitive data (private and professional).
- Be very cautious about opening attachments in emails. If the email seems suspicious, follow your gut and report it as phishing to our Information Security team at IS&T. They can confirm if an email is malicious or legitimate for you.
- Use a strong password that is not easy to crack. In this case we would recommend using a passphrase as it will increase the complexity of the your password as well as make it easier for you to remember.
- Register your Chapman account on Microsoft’s Two-Factor Authentication (2FA). 2FA provides an extra layer of protection against unauthorized users from accessing your account even if your username and password are compromised.
Learn more about Chapman’s Information Security and Cyber Safety.