OVERVIEW
Target audience: McGill students, faculty, staff, alumni and affiliates
Ransomware is a type of malicious software, or malware, designed to block access to computers, devices, or files until a ransom is paid. Payment is often requested in a hard-to-recover method, such as cryptocurrency, prepaid credit cards or gift cards.
Ransomware spreads through:
- phishing emails,
- malicious advertisements,
- by unknowingly visiting an infected website,
- downloading an infected file,
- or by an attacker otherwise gaining access to your device.
After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers. Any device capable of storing data, including computers, smartphones, tablets, and IoT devices (internet-connected devices) are at risk.
Here is a short video with tips to protect yourself from malware and phishing attempts (The video may take 2-3 minutes to load):
In this article:
How can I protect myself against ransomware?
Keep everything updated
- Keep your apps and operating systems up to date with the latest patches. Outdated apps and operating systems are the target of most attacks.
- Install security software (also known as antivirus) for home and personal use and configure it to automatically update.
- If you’re responsible for managing a work computer funded by McGill or Research funds, install McGill-provided security software (CIRA DNS Firewall and Microsoft Defender).
Stay informed
- Take free cybersecurity training available for all faculty, staff, and students.
- Learn how to spot suspicious emails and make sure to report them.
Download smartly
- Choose official app stores to download apps.
- Only open file or document attachments when you are expecting them.
- Never click on links in suspicious emails or social media messages that you aren’t expecting.
- Be wary of sites offering free versions of paid apps or digital content.
Backup and store safely
- Back up your data regularly.
- Use a McGill-approved cloud service, such as OneDrive or SharePoint, to store your school or work files. Before you use them, review the types of data that may be stored on them.
Control access
- Restrict administrator (admin) access to your computer and devices.
Be cautious with public networks
- Be mindful of the risks of using public Wi-Fi and Bluetooth and keep them disabled when not in use.
- It’s important to be cautious about which Wi-Fi networks and Bluetooth connections you accept, and what data you share through them while connected.
You'll usually know if your device has ransomware when you see a message demanding payment to regain access to your data. Sometimes, attackers pretend to be law enforcement and claim you’ve done something illegal, asking for a “fine” to avoid legal consequences.
There are two common types of ransomware:
- Locker ransomware: Blocks almost all access to your device, except for the ransom payment screen.
- Encryption ransomware: Encrypts your files, making them unreadable. It can affect files on your device's hard drive, USB drives, external hard drives, and can spread to network drives, including cloud storage.
What should I do if my computer is infected with Ransomware?
If your computer is infected with ransomware, we recommend the following:
For McGill-managed computers or devices (including laptops), immediately do the following:
- Disconnect your device from the network (unplug the network cable and/or disable WiFi) and disable Bluetooth (if applicable).
- Notify your department’s local area network (LAN) administrator. If your device is managed by central IT, or if you do not know who your LAN administrator is, contact McGill’s IT Service Desk directly at 514-398-3398 during regular business hours.
- Remove or disconnect any attached removable storage devices e.g. backup drives, USB drives).
- If possible, take a picture of the ransomware demands.
- Do not attempt to act on your own. Wait for your LAN administrator to guide you through the next steps. If you back up your device or your files regularly, make sure to let them know.
For personal computers (neither owned nor managed by McGill):
Visit the Government of Canada's Cybersafe website and scroll down to the section on " What to do if you get infected with ransomware". If any McGill institutional data (data owned or licensed by the University) was stored on your personal device, please contact the IT Service Desk as soon as possible.
