{"id":24109,"date":"2021-07-07T16:19:05","date_gmt":"2021-07-07T20:19:05","guid":{"rendered":"https:\/\/michigan.it.umich.edu\/news\/?p=24109"},"modified":"2024-07-08T06:04:30","modified_gmt":"2024-07-08T10:04:30","slug":"be-proactive-and-prepared-for-ransomware","status":"publish","type":"post","link":"https:\/\/michigan.it.umich.edu\/news\/2021\/07\/07\/be-proactive-and-prepared-for-ransomware\/","title":{"rendered":"Be proactive and prepared for ransomware"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"450\" src=\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-600x450.png\" alt=\"\" class=\"wp-image-24110\" srcset=\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-600x450.png 600w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-300x225.png 300w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-768x576.png 768w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-665x499.png 665w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280.png 1280w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Another day, another ransomware attack. From attacks on the&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Colonial_Pipeline_cyber_attack\">Colonial Pipeline<\/a>, to&nbsp;<a href=\"https:\/\/www.reuters.com\/world\/us\/some-us-meat-plants-stop-operating-after-jbs-cyber-attack-2021-06-01\/\">meatpacker JBS<\/a>, to&nbsp;<a href=\"https:\/\/www.theverge.com\/2021\/5\/20\/22446388\/cna-insurance-ransomware-attack-40-million-dollar-ransom\">CNA Financial<\/a>, to the&nbsp;<a href=\"https:\/\/www.nbcboston.com\/news\/local\/mass-steamship-authority-delayed-due-to-cyber-attack\/2395477\/\">Steamship Authority of Massachusetts<\/a>&nbsp;to the&nbsp;<a href=\"https:\/\/apnews.com\/article\/police-technology-government-and-politics-1aedfcf42a8dc2b004ef610d0b57edb9\">DC Police<\/a>, to the&nbsp;<a href=\"https:\/\/www.reuters.com\/technology\/irish-health-service-hit-by-ransomware-attack-vaccine-rollout-unaffected-2021-05-14\/\">Irish health service<\/a>,&nbsp;<a href=\"https:\/\/hbr.org\/2021\/05\/ransomware-attacks-are-spiking-is-your-company-prepared\">ransomware attacks are spiking<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>If you manage U-M or unit systems, computers, or data<\/strong>, you are responsible for taking steps to protect them from ransomware.<\/li><li><strong>If you use U-M computing services<\/strong>, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What IT staff can do<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Install <\/strong><a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/manage-um-workstations\/antivirus-um\"><strong>CrowdStrike Falcon<\/strong>&nbsp;endpoint protection<\/a>&nbsp;on any unit computers you are responsible for.<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/two-factor-authentication\/implementing-systems-services\"><strong>Implement Duo two-factor<\/strong><\/a>&nbsp;on any machine that allows authenticated connections from the internet.<\/li><li><strong>Keep hardware and software up-to-date.<\/strong>&nbsp;Apply all patches and updates as soon as possible after appropriate testing, and only use supported, up-to-date software.<\/li><li><strong>Report suspected ransomware<\/strong>&nbsp;to&nbsp;<a href=\"mailto:security@umich.edu\">security@umich.edu<\/a>.<\/li><li><strong>Provide education and awareness in&nbsp; your unit.<\/strong>&nbsp;Use these ITS Information Assurance resources:<ul><li>Print-and-post flyer: <a href=\"https:\/\/drive.google.com\/file\/d\/1EbbVRQwRgqq3wVTW1acmVSv87SIK3B4C\/view?usp=sharing\">Beware of Ransomware!<\/a><\/li><li><a href=\"https:\/\/www.dropbox.com\/sh\/9llisyn9n6xs797\/AADI8Fre9cNsYXY4BwKyVq6Ra?dl=0\">Ransomware digital signs<\/a>&nbsp;(login to Dropbox at U-M required).<\/li><li>Safe Computing webpage: <a href=\"https:\/\/safecomputing.umich.edu\/be-aware\/phishing-and-suspicious-email\/ransomware\">Ransomware: Don&#8217;t Pay the Ransom!<\/a><\/li><\/ul><\/li><li><strong>Back up data!<\/strong>&nbsp;All U-M units and research programs should develop and document backup plans for U-M institutional data. See <a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/protect-your-unit\/backup-um-data\">Back Up U-M Data<\/a>.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What U-M does<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Information Assurance (IA) groups in both Information and Technology Services (ITS) and Health Information Technology &amp; Services (HITS) work with units across U-M to reduce risk and protect against cyberthreats, including\u00a0<a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/protect-your-unit\/backup-um-data\/ransomware-mitigation\">ransomware mitigation<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/protect-your-unit\/backup-um-data\">U-M data backups<\/a>. ITS and HITS maintain appropriate system backups and storage snapshots of the data and systems they are responsible for.<\/li><li><a href=\"https:\/\/its.umich.edu\/enterprise\/wifi-networks\/network-security\">Network security<\/a>. Monitors for and helps prevent unauthorized access or misuse of U-M computer networks and network-accessible resources.&nbsp;<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/manage-um-workstations\/antivirus-um\">Endpoint protection<\/a>. Protects U-M workstations (laptops and desktops) and servers.<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/protect-the-u\/protect-your-unit\/vulnerability-management\">Vulnerability management<\/a>. All U-M networks are regularly scanned for unpatched, vulnerable systems at risk of threat actor exploitation, including ransomware.<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/it-security-professionals\/tools-templates\/logging\">Logging and monitoring<\/a>. These activities can identify suspicious behavior, be used to proactively block attacks, and support the investigation of potential IT security incidents.<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/it-security-professionals\/tools-templates\/mitn\">Threat intelligence<\/a>. Bolsters overall U-M IT security by feeding information about active threats into numerous other IT systems.<\/li><li><a href=\"https:\/\/safecomputing.umich.edu\/be-aware\/phishing-and-suspicious-email\/how-um-reduces-malicious-email\">Malicious email reduction<\/a>. The university uses a variety of tools to stop spam, phishing, and other malicious email before it reaches users&#8217; inboxes.<\/li><li><a href=\"http:\/\/www.finance.umich.edu\/risk-management\/cyber-risk-insurance-coverage\">Cyber risk insurance<\/a>. The Office of Risk Management maintains this insurance coverage, which requires that serious IT security incidents be reported to ITS IA (<a href=\"mailto:security@umich.edu\">security@umich.edu<\/a>).<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. If you use U-M computing services, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.<\/p>\n","protected":false},"author":24,"featured_media":24110,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_umich_oidc_access":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_ef_editorial_meta_date_first-draft-date":"","_ef_editorial_meta_paragraph_assignment":"","_ef_editorial_meta_checkbox_needs-photo":"","_ef_editorial_meta_number_word-count":"","footnotes":""},"categories":[27],"tags":[488,368,874],"class_list":["post-24109","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-safe-computing","tag-cybersecurity","tag-phishing","tag-ransomware"],"uagb_featured_image_src":{"full":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280.png",1280,960,false],"thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-400x266.png",400,266,true],"medium":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-300x225.png",300,225,true],"medium_large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-768x576.png",665,499,true],"large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-600x450.png",600,450,true],"1536x1536":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280.png",1280,960,false],"2048x2048":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280.png",1280,960,false],"excerpt-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-200x140.png",200,140,true],"themonic-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-60x42.png",60,42,true],"ioslider-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-658x300.png",658,300,true],"post-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-665x499.png",665,499,true],"400x250-crop":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2021\/07\/ransomware-2321665_1280-400x250.png",400,250,true]},"uagb_author_info":{"display_name":"Janet Eaton, ITS Information Assurance","author_link":"https:\/\/michigan.it.umich.edu\/news\/author\/jmfeaton\/"},"uagb_comment_info":0,"uagb_excerpt":"If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. If you use U-M computing services, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.","_links":{"self":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/24109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/comments?post=24109"}],"version-history":[{"count":6,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/24109\/revisions"}],"predecessor-version":[{"id":24158,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/24109\/revisions\/24158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media\/24110"}],"wp:attachment":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media?parent=24109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/categories?post=24109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/tags?post=24109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}