Be proactive and prepared for ransomware

Another day, another ransomware attack. From attacks on the Colonial Pipeline, to meatpacker JBS, to CNA Financial, to the Steamship Authority of Massachusetts to the DC Police, to the Irish health serviceransomware attacks are spiking.

  • If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware.
  • If you use U-M computing services, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.

What IT staff can do

What U-M does

The Information Assurance (IA) groups in both Information and Technology Services (ITS) and Health Information Technology & Services (HITS) work with units across U-M to reduce risk and protect against cyberthreats, including ransomware mitigation.

  • U-M data backups. ITS and HITS maintain appropriate system backups and storage snapshots of the data and systems they are responsible for.
  • Network security. Monitors for and helps prevent unauthorized access or misuse of U-M computer networks and network-accessible resources. 
  • Endpoint protection. Protects U-M workstations (laptops and desktops) and servers.
  • Vulnerability management. All U-M networks are regularly scanned for unpatched, vulnerable systems at risk of threat actor exploitation, including ransomware.
  • Logging and monitoring. These activities can identify suspicious behavior, be used to proactively block attacks, and support the investigation of potential IT security incidents.
  • Threat intelligence. Bolsters overall U-M IT security by feeding information about active threats into numerous other IT systems.
  • Malicious email reduction. The university uses a variety of tools to stop spam, phishing, and other malicious email before it reaches users’ inboxes.
  • Cyber risk insurance. The Office of Risk Management maintains this insurance coverage, which requires that serious IT security incidents be reported to ITS IA (security@umich.edu).