Ransomware: Don't Pay the Ransom!

If You Get Ransomware

If a computer or device that is owned or managed by the university or is used to access or maintain sensitive U-M data, take action immediately.

  • Report it to the appropriate contact or contact the ITS Service Center.
  • Don't pay the ransom. There are no guarantees when you are dealing with criminals.

What Is Ransomware?

  • Ransomware is malicious software that infects and encrypts your computer and its files, as well as other devices. Victims are asked to pay a ransom to get their folders, files, and devices unlocked.
  • Criminals use ransomware to extort money from individuals and organizations. A number of large health care providers have been targets.

How Ransomware Typically Gets on Devices

  • You open an email attachment that downloads the malicious software, which then infects your device.
  • You open a shared document link in an email message, and the document contains ransomware.
  • You click a link in an email message that takes you to a malicious website where you are deceived into clicking on a link and downloading malicious software.

Once a computer or other device is infected, the malware begins encrypting files and folders on the device, local drives, any attached drives, backup drives, and potentially other computers on the same network.

What You Can Do to Protect Yourself

  • Don't open unexpected email attachments. Check with the sender first.
  • Check links in email before clicking by hovering over them with your mouse. Learn what to look for at Don't Fall for Phish!
  • Make backups, and keep them separate from your device.
  • Install and use anti-virus software.
  • U-M Health System users can enroll in AirWatch (login required; UMHS only) to connect to UMHS resources and safeguard their personal devices.
  • Learn more about ransomware:

Ransomware and Cloud Services

Ransomware infects files on your computer, so content stored in the cloud, such as content in U-M Google Drive or Box, is protected as long as it is not synced to the infected computer.

If files synced to your computer via Box Sync are infected with ransomware, you can make an older version current via the Box webapp. This works because the ransomware creates a new version of the file, but Box keeps the original, uninfected version as a prior version.

If you are using Desktop Backup (CrashPlan) to backup your files, you can use it to get back older, uninfected versions of infected files. CrashPlan is recommended if you routinely store files on your device for protection against ransomware, data corruption, hard drive crashes, and so on.