Ransomware has exploded in the news cycle in the past few weeks. Most notably, we have seen an increase at the gas pumps due to the successful attack against Colonial Pipeline. According to media sources, Colonial paid $5.5-million to the cybercriminals to regain control of their systems. This brief is to provide awareness of controls that protect systems and data. Please consult with your local IT staff or CALS IT regarding implementing these controls in your unit.
Ransomware is one of the tools cybercriminals use for financial gain. This type of attack has tarnished the reputation of government organizations, businesses, and universities. So how can we protect our data and systems from these attacks? It is a two-pronged strategy. First, ensure controls are in place to reduce the likelihood of an event. Secondly, ensure you have controls in place to recover data in the case of a successful ransomware attack.
The National Institute of Science and Technology (NIST) has an ongoing program to identify controls and strategies to prevent and recover from ransomware. The program includes a factsheet on how to stay prepared and a video on how companies can protect themselves. NIST also provides more details on their Ransomware Project Overview website.
The following table identifies the responsibilities of protecting the campus from Ransomware.
|DoIT & Cybersecurity||Local IT||Everybody|
|(1) Block access to known ransomware sites||(1) Install and monitor antivirus software||(1) Avoid opening files, clicking on links, etc., from unknown sources|
|(2) Monitor the network for potential ransomware attacks||(2) Apply software and firmware updates||(2) Avoid using personal applications and websites, such as email and chat|
|(3) Routinely backup enterprise systems and data||(3) Routinely backup IT systems||(3) Routinely backup data|
|(4) Respond to and investigate successful ransomware attacks||(4) Consult with Fac/Staff on backup solutions||(4) Complete the UW-Madison Cybersecurity Awareness and Training|