The horrors of ransomware can go beyond the ghoulish loss of data and the ghastly financial costs of data recovery. To customers and business folk alike, interruption to operations is an additional cost in addition the expense of data recovery. The undead care only about their pound of flesh.

There are reports of organizations paying the ransom not because they were inadequately prepared, but facing the process of recovery, it became clear that it would be more costly to recover than to pay.

When it comes to ransomware, an ounce of prevention is worth many pounds of cure.

As persistent and increasingly sophisticated malicious cyber campaigns continue to target both the public and private sector, everyone in the University community can help to protect themselves and the University by remaining vigilant in their information security practices.

The following practices are broadly applicable to everyone in the community and are critical phishing and ransomware safeguards:

• NetID+ / Duo
  • NEVER share your NetID password
  • NEVER accept a Duo Push you did not initiate yourself
  • NEVER share a Duo passcode
• Email / Instant Message / SMS Text
  • ALWAYS be vigilant of verifying the legitimacy of communications – especially from new senders
  • ALWAYS think carefully before following a link or opening an attachment
  • ALWAYS verify a request is legitimate before sharing sensitive information or performing a consequential action (purchasing something, granting access, etc.)
• Devices / Software / Data
  • ALWAYS maintain up-to-date software and patches
  • ALWAYS backup all-important data to at least two different places
  • ALWAYS run updated anti-virus/anti-malware where available
• For IT Professionals
  • Enroll in the Vulnerability Management Program (VMP) and monitor vulnerabilities in your environment
  • Use removable storage and cloud storage to create independent backups of important data
  • Devise and practice Incident Response best practices because the scary monsters need only be lucky once