Skip to main content

Types of Malware and how to deal with them

Online and Computer Security

Ransomware

​Hopefully most people will now have heard the word "Ransomware" as the recent WannaCry ransomware attack on the NHS on the 12th May was big news.Here is a quick break-down of what you need to know- and what you need to do.

What is it?

Ransomware is a type of malware which 'locks' the files on a computer and then demands payment to unlock them and is one of the biggest threats facing the University.It works as follows:

  1. Typically you get an email directing you to click on a link or open an attachment - The email may look genuine in many respects and may seem to come from a bona fide source (e.g. HR). Remember that email addresses can be 'spoofed' to disguise their true source;
  2. You click on the link or open the attachment;
  3. The website you visit, or the attachment you open, changes (encrypts) all your files so you can't open them;
  4. You get a notification that your files have been made unusable, with a demand to pay money to get them back;
  5. You may pay the ransom, and may – or may not- get your files back (how much do you trust the person who just stole your files?);

Ransomware emails seen at Brunel have had the following subject lines:

  • Invoice
  • Unable to deliver your parcel
  • Purchase order
  • Your password will expire in n days
  • You have received an important document.
  • Thank you for being our loyal Customer. This is your reward
  • Admin Staff Case
  • Your Paycheque Details

​Key questions to ask yourself are:

  • Am I expecting an email from this organisation?
  • Have I actually purchased or used the service being referred to?
  • Am I confident that the attachment is safe?

If the answer is "no" then you should delete the email or at least verify its authenticity

What do I do if my PC (or other device) is infected by Ransomware?

If it gets onto your PC, the Ransomware will encrypt (lock) the files on your PC and possibly, network files as well, such as G: and H: At this point the files on your computer are no longer accessible to you and you must take the following action:

  • Do not follow any of the advice on your computer screen;
  • DO NOT PAY THE RANSOM;
  • Do not plug in any USB storage device in an attempt to recover backed up data;
  • Disconnect your computer from the power supply immediately;
  • You must report the incident to Cyber and Information Security cyber365@brunel.ac.uk and the IS Service desk Computing.Support@brunel.ac.uk, telephone 01895 265888