MUN launches 'ransomware' awareness campaign after computers infected

Memorial University of Newfoundland has launched an awareness campaign to help protect its data from hackers after malicious software infected at least twocomputers.

The university's top information technologyprofessional says in both cases malwareknown asransomwarewas downloaded anddata was encrypted and locked.

• MUN business school website hacked

"Ransomware is essentially what it sounds like. It's a situation where you may click on a link or open an attachment and that attachment launches malwarewhich allows your folder to be essentially locked and encrypted," Memorial's chief information officer, Shelley Smith, told CBC's On the Go Monday.

"Then, in order to get them unlocked, you get a message that says pay us x number of usuallybitcoins and we will unlock your data."

Smith said the money extorted in this way doesn't typically involvehuge amounts, but even after it'spaid in full there's no guarantee the information has not already been passed along or sold to someone who will use it for their own purposes.

No ransompaid

In thetwo confirmed caseswhereransomwarewas used to lock down information at Memorial,it didn't infect othersystems at the university.

In both those cases, people at the university wereable to recover the data from other sources without paying a ransom to the hackers.

"In one case that I'm aware of it appeared to be an invoice and the person was actually processing invoices," she said, adding that spammers often know who's who in their target.

"Somebody does research and figures out, you know, who are the finance people, who are the human resources people or whatever the case may be."

• University of Calgary paid $20K in ransomware attack
• Ransomware: What you need to know

Other times, Smith said the organization is flooded with emails masked as invoices, for instance, in the hopes someone clicks on the link and the ransomware is installed.

Huge and growing problem

Memorial alone gets approximately 2.7 million emailseachday. Spam blockers reject 92per cent of them, but it is far from failproof.

It really does comedown to every single individual having to be vigilant.- Shelley Smith

Smith saiddespite all that's being done to prevent cybercrime, the FBI estimates there are4,000 successful ransomware attacks daily.

"It only takes one to get into the rightperson and somebody clicks on a link or opens an attachment andthat can launch an attack," she said. "As much as we can be sophisticated with all of the tools that we use, it really does comedown to every single individual having to be vigilant."

Smith said one of the biggest things computer users can do to protect themselves is limit the amount of private information they shareonline.