Help reduce the risk of ransomware attacks

Sam Foster
Tuesday 15 September 2020

Ransomware is causing headaches for organisations across the world – including universities in the UK. Cyber criminals extorting money is nothing new: remember WannaCry? More recently, however, they have become even more efficient and savvier in their techniques and methods.

As we continue to work from home, our online collaborations have increased. We must remain vigilant and be aware of the threats around us to protect ourselves and others in the University community. Our data is valuable – this includes University records, research projects, and any personal data you store with us.

During a ransomware attack, your files are encrypted and held for ransom. Usually, you’re asked to pay a large fee to regain access, but even after paying, you may never get your files back. There is also a real possibility your account could be used to infect other users’ files, potentially spreading to the rest of the University network. It is important that you keep an eye out for anything suspicious and report it.

Real life example: WannaCry

In 2017, the NHS was a victim of cybercrime in the form of ransomware. The criminals preyed on the out-of-date security systems and lack of IT security awareness and preparation within the organisation. As a result, over 19,000 patient appointments were cancelled and the NHS lost £9.2m. In this example, cybercrime impacted the public healthcare sector. What’s the equivalent for Universities? We rely on our IT systems to store valuable research data, exam records and student information so the impact of a cyberattack on our organisation will be felt by everyone at St Andrews.

These types of infectious programs attach themselves to a file, such as an email attachment. The success of the ransomware attack relies on a user downloading the file and opening it on their computer. To avoid falling into this trap, follow these tips:

  1. Check the sender. Even if you know them, do they usually send files in this way? Were you expecting the attachment?
  2. Never open or click on unexpected links or attachments – if you’re ever unsure, please don’t hesitate in asking us to check it for you.
  3. If you’re being asked for your University credentials, are you on a st-andrews.ac.uk URL?
  4. Has the email set a sense of urgency? Attackers like to add pressure and make you do things there and then.
  5. Never reuse your password. Each of your accounts should have its own unique password.
  6. Report anything suspicious. Please don’t hesitate to send any suspicious emails to [email protected]; we’re more than happy to validate any emails for you.
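
Tip 3 depends on reading the host part of the address correctly, because lookalike links often place the University's domain somewhere other than the host. The following Python check is an added example, not code from the University or IT Services; the function name, the HTTPS requirement and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "st-andrews.ac.uk"  # the domain named in tip 3


def is_university_url(url: str) -> bool:
    """True only if the URL's host is the trusted domain or a subdomain of it."""
    # Browsers treat "\" as "/" in web addresses while urlsplit does not, so a
    # backslash can make the two disagree about the host. Reject it outright.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and port, lower-cased
    except ValueError:
        return False
    # Assumption added here: a page that asks for credentials must use HTTPS.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Compare whole DNS labels: an exact match, or a suffix that starts at a dot.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links; the lookalikes use the reserved ".example" domain.
SAMPLES = [
    "https://www.st-andrews.ac.uk/login",
    "https://st-andrews.ac.uk.lookalike.example/login",  # trusted name as a prefix
    "https://st-andrews.ac.uk@lookalike.example/",       # trusted name as a username
    "https://notst-andrews.ac.uk/",                      # missing the dot boundary
    "https://lookalike.example/st-andrews.ac.uk/login",  # trusted name in the path
    "https://lookalike.example\\@st-andrews.ac.uk/",     # backslash trick
]


def check_samples():
    """Return (url, verdict) pairs for the constructed samples above."""
    return [(u, is_university_url(u)) for u in SAMPLES]


if __name__ == "__main__":
    for url, ok in check_samples():
        print("TRUSTED   " if ok else "SUSPICIOUS", url)
```

Only the first sample passes: in every other link the University's domain appears in the text but is not the host the browser would connect to.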
