A recent alert from the Joint Ransomware Task Force (JRTF) warns about the accelerated growth of tactics used by ransomware actors. Founded in 2022, the JRTF acts as an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks and is comprised of members from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
You can do your part to protect yourself and the university by being aware of ransomware and taking steps to secure yourself. Ransomware attempts often begin with a phishing email. When a recipient opens an attachment or shared document or visits a malicious website, ransomware or other malware is installed on their device. It can then infect and encrypt files on their device or connected systems. In other cases, attackers gain access to install ransomware on a system that is exposed to the internet or through vulnerabilities in software that is not kept up-to-date.
Once systems are compromised, the threat actor demands a ransom (usually to be paid through cryptocurrency) to restore access. They may also threaten to publish or delete the data if the ransom is not paid.
You can help stop ransomware by doing the following:
- Recognize and avoid falling for phishing and suspicious email.
- Secure your devices by keeping your software up-to-date. Apply software updates promptly, and ensure that security software (such as antivirus) is running and up-to-date.
- Back up your data. See Back Up U-M Data for requirements if you are responsible for managing university data and/or systems that store it.
- Ensure CrowdStrike Falcon is installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers).
See Ransomware: Don’t Pay the Ransom! and Ransomware Mitigation for additional details, and print and post this 8-1/2 X 11 inch poster—Poster: Beware of Ransomware!