Ransomware – a type of malware which ‘locks’ the files on a computer and then demands payment to unlock them – is a growing threat all across the world.
Ransomware attacks are launched via email and are a major threat to our data, with several recent examples compromising Queen’s systems. They have the potential to cause reputational damage and loss of important data.
At Queen’s, we provide security through our network firewall and through the use of anti-virus software. However, these measures cannot catch every threat and we rely heavily on you being alert to threats and taking due care to avoid them.
We urge you to read the information below and follow the guidance given.
Ransomware is typically delivered via an email which asks you to open an attached file containing the ransomware virus. The email may look genuine in many respects and may seem to come from a bona fide source (e.g. FedEx). Remember that email addresses can be ‘spoofed’ to disguise their true source.
Ransomware emails seen at Queen’s have had the following subject lines:
You should take extra care with emails with these subject lines, but also be aware that an attacker could use any subject line that they hope will attract your attention.
Ransomware emails carry attachments which the sender will encourage you to open. The types of attachments seen to date have been .zip, .rar, .wav, .tar and .tsg, but you should be vigilant about all zipped attachments. You should only open a zipped attachment if you are expecting one from a known source and you are satisfied that the email is genuine.
Click on the images below to view examples of ransomware emails which were received by Queen’s staff:
Key questions to ask yourself are:
If the answer is “no” then you should delete the email or at least verify its authenticity.
If you decide to open an attachment and you are prompted to download or unzip it, or are advised that it has been saved in the Download directory, you still have the option to halt the process. If you become concerned that the attachment might carry a virus, you should proceed no further until you are completely sure of the source and the message. Where you have doubt, you should send the email to firstname.lastname@example.org.
If you opened the attachment in the first example above, you would see the following on your screen:
If you proceeded to open the downloaded file you would be presented with the following dialog box:
As this attachment did in fact contain a ransomware virus, clicking “Open” would result in all the files on your computer being encrypted and a screen similar to the one below being presented to you. It is therefore vital that you take these opportunities to think again: “Is this message genuine?”
If it gets onto your PC, the ransomware will encrypt (lock) the files on your PC. At this point the files on your computer are no longer accessible to you and you must take the following action:
To protect yourself, follow this advice:
It is vital that you have the means to recover data that might be lost through ransomware or any other cause. Queen’s strongly recommends that you back up your data to the Q: drive:
Last updated June 2016