Another day, another ransomware attack. From attacks on the Colonial Pipeline, to meatpacker JBS, to CNA Financial, to the Steamship Authority of Massachusetts to the DC Police, to the Irish health service, ransomware attacks are spiking.
- If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware.
- If you use U-M computing services, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.
What IT staff can do
- Install CrowdStrike Falcon endpoint protection on any unit computers you are responsible for.
- Implement Duo two-factor on any machine that allows authenticated connections from the internet.
- Keep hardware and software up-to-date. Apply all patches and updates as soon as possible after appropriate testing, and only use supported, up-to-date software.
- Report suspected ransomware to security@umich.edu.
- Provide education and awareness in your unit. Use these ITS Information Assurance resources:
- Print-and-post flyer: Beware of Ransomware!
- Ransomware digital signs (login to Dropbox at U-M required).
- Safe Computing webpage: Ransomware: Don’t Pay the Ransom!
- Back up data! All U-M units and research programs should develop and document backup plans for U-M institutional data. See Back Up U-M Data.
What U-M does
The Information Assurance (IA) groups in both Information and Technology Services (ITS) and Health Information Technology & Services (HITS) work with units across U-M to reduce risk and protect against cyberthreats, including ransomware mitigation.
- U-M data backups. ITS and HITS maintain appropriate system backups and storage snapshots of the data and systems they are responsible for.
- Network security. Monitors for and helps prevent unauthorized access or misuse of U-M computer networks and network-accessible resources.
- Endpoint protection. Protects U-M workstations (laptops and desktops) and servers.
- Vulnerability management. All U-M networks are regularly scanned for unpatched, vulnerable systems at risk of threat actor exploitation, including ransomware.
- Logging and monitoring. These activities can identify suspicious behavior, be used to proactively block attacks, and support the investigation of potential IT security incidents.
- Threat intelligence. Bolsters overall U-M IT security by feeding information about active threats into numerous other IT systems.
- Malicious email reduction. The university uses a variety of tools to stop spam, phishing, and other malicious email before it reaches users’ inboxes.
- Cyber risk insurance. The Office of Risk Management maintains this insurance coverage, which requires that serious IT security incidents be reported to ITS IA (security@umich.edu).