In week 1 of Cybersecurity Awareness Month, we focused on educating you on the different types of phishing attacks we have seen and that many have reported receiving in the UChicago community. The most important element in a successful phishing attack is the human factor. In 2021, we saw a surge in ransomware in higher education.

This week’s theme, Fight the Phish, stresses the importance of being wary of emails, text messages, voicemails, or chat boxes that come from a stranger or someone you were not expecting. We must be more vigilant than ever to think before we click on any suspicious emails, links, or attachments, and make sure to report any suspicious emails!

Phishing attacks and scams have thrived since the COVID pandemic began in 2020. Today, phishing attacks, which often contain ransomware, account for more than 80 percent of reported security incidents. Ransomware is a type of malware designed to encrypt and block access to your files or lock your device’s operating system so attackers can demand a ransom payment. It’s important to note that ransomware is affecting not only computers, but also mobile devices such as smartphones and tablets.

Ransom will be requested in different ways. The victim may be asked to wire a time-sensitive payment using a virtual currency like Bitcoin or to purchase a program that will decrypt the blocked data. Ransomware is very effective because it capitalizes on fear. Cybercriminals engaged in ransomware know they can manipulate their victims into paying the ransom to avoid exposing browsing habits or publicly releasing personal documents and photos. Or victims simply worry that losing access to their device or computer would be too much of a hassle. However, even if you pay the ransom, there’s no guarantee that the files will be unlocked or recoverable.

10 Steps to Protect Yourself Against Phishing and Ransomware Attacks

You now know what ransomware is and how much trouble it can cause for businesses and individuals alike. Prevention is the best strategy to protect yourself against phishing and ransomware attacks. Here are 10 tips to proactively protect yourself and your devices.

  1. Install and maintain up-to-date antivirus software with antimalware protection.
  2. Delete any suspicious emails or text messages from unverified sources. If in doubt, call the sender by phone or use a known, public email address to verify the message’s authenticity.
  3. Avoid clicking on links or downloading attachments in emails or text messages that you are not expecting. Suspicious links and files may carry ransomware.
  4. Use email filtering options whenever possible to keep malicious messages and spam from reaching your inbox.
  5. Check for operating system, software, browser, app, and plug-in updates often. Set up automatic updates whenever possible.
  6. Back up your files on a regular basis so you don’t have to pay a ransom to access locked files on your computer, laptop, or mobile device! Use a cloud storage service or an external device so you can restore files from a recent backup.
  7. Don’t allow others to use your personal or work devices. Unauthorized users (including family members) can accidentally click on a malicious link.
  8. Only download apps that are trustworthy.
  9. Disable browser pop-ups or use an ad blocker.
  10. Bookmark trusted websites to make sure you don’t mistype a web address and end up visiting a malicious site by accident.

What to Do If You Think You’ve Been Hacked?

If you fall victim to a phishing attempt or ransomware attack, you should act quickly and do the following:

  • Disconnect your device from the Internet and your home or office network to prevent the spread of the ransomware to other devices on the network. This means unplugging the network cable or disabling Wi-Fi.
  • Alert the appropriate IT or information security team members at the University of Chicago (email or call 773-702-CERT (2378)). We can help with next steps and alert law enforcement agencies if needed.

Remember that the first and best line of defense is a good offense. Report any phishy emails or potential ransomware messages to the University’s security team by using the Report a Phish button or via email. Want to learn more? Please visit the University of Chicago’s phishing website for additional advice and resources.