The University of Utah

Nationwide Ransomware Awareness

U.S. and Canadian cybersecurity agencies have recently issued alerts about the growing number of ransomware attacks directed at health care companies, with as many as five reporting being affected in the past month. To date, University of Utah Hospitals & Clinics and main campus have not been affected.

Because cybercriminals are shifting their attacks from targeting IT offices to targeting individual users, the U’s leadership and the Information Security Office (ISO) urge all staff, faculty and students to remain diligent to help prevent ransomware and other malware attacks. Because these attacks are becoming more sophisticated every day, your awareness and diligence are critical for reporting attempted attacks.

What is ransomware?

Ransomware is a type of malware that users inadvertently install on their computers by opening malicious email attachments, clicking links, or downloading files that appear to be harmless but actually contain malware. Ransomware, once installed on a computer, encrypts select files and can encrypt shared directories, making the files inaccessible without an encryption key. The only way to get the key is by paying money to the criminals who installed the ransomware. The criminals demand payment and promise to give the key if ransom is paid on time. Unfortunately, even if the ransom is paid there’s no guarantee the criminals will provide the decryption key or that all of the files will be decrypted successfully.

What can you to do protect your files and university data?

  • Back up your files today, and schedule routine backups for the future.
  • To minimize risk to university files, data, and systems, it is recommended that users minimize usage of nonbusiness related resources, as using these may introduce unknown threats.
  • Avoid clicking on links or opening attachments or emails from people you don't know or organizations you don't work with.
  • Be especially wary of “double extension” files. Sometimes criminals try to make files look harmless by using .pdf or .jpeg in the file name. It might look like this: not_malware.pdf.exe. This file is NOT a PDF file. It’s an executable program file (EXE), and the double extension means it’s probably a virus.
  • Avoid enabling macros from email attachments.
  • Bookmark trusted websites and access these websites via bookmarks.
  • Minimize “drive-by” downloads by making sure your browser’s security setting is high enough to detect unauthorized downloads. For example, use at least the “medium” setting in Internet Explorer. Contact your designated help desk if you need assistance with these settings.
  • Keep your passwords confidential.
  • Keep personal computers updated with the most current patches and updates.

What is the U’s Information Security Office doing to protect University files and data?

ISO uses a range of methods to make University files and data more secure. ISO staff members conduct active and constant monitoring of University systems to identify and address any malware attacks. ISO is working with IT leadership to strengthen security measures for protecting computers and devices, especially those used by employees with access to high-risk systems and sensitive data. ISO staff members participate in information-sharing efforts with other healthcare companies and higher education institutions to mitigate the risk of ransomware and other malware attacks. Working with Hospitals & Clinics, health sciences, and main campus leaders, ISO is investigating methods for making non-essential online services more secure.

Need Help?

Should you notice that your computer doesn’t seem to be functioning normally, or you suspect you may have opened a link or file in a suspicious email, immediately contact your local IT support staff or your designated central IT help desk for assistance:

Hospitals & Clinics: 801-587-6000
Main Campus: 801-581-4000 option 1

© 2016 University of Utah