Search This Site


Main menu

Ransomware: The What, How, & Why

Ransomware: even if the name doesn’t ring a bell, you’re likely already familiar with its impact. Cases like the DarkSide attack on the Colonial Pipeline in the United States and the international WannaCry crisis that shut down 16 hospitals across the United Kingdom have likely made it across your news feed. Especially in light of the current international situation, you should know what is ransomware and how to protect yourself?


What is ransomware?

Ransomware is a type of malware that encrypts—or locks—your computer files and demands payment to a cybercriminal to get them unlocked. Ransoms are often demanded in Bitcoin, since it’s harder for law enforcement to track.

On the rise

The European Union Agency for Cybersecurity (ENISA) describes our time as “the golden age of ransomware.” It’s one of the most impactful types of cyber attacks the world faces today and shows no signs of letting up. Quite the opposite, in fact; the impact of ransomware continues to grow which is why it’s important to understand what it is and how to prevent its spread.


Most types of malware are most commonly spread through phishing, and ransomware is no exception. Phishing is a type of cyber attack in which a cybercriminal pretends to be someone they’re not in order to coax you into clicking a link, downloading an attachment, or handing over resources (such as money or data). Phishing can take many different forms, but when we’re talking about malware we’re most concerned with email phishing and smishing.

Here’s some phishing red flags to look out for:

  • Attachments: these can contain malware. Never open attachments you weren’t expecting without verifying the sender’s identity through another means of contact.
  • Links: webpages can also infect your device with malware. Avoid clicking links from unknown senders.
  • Urgency: cybercriminals want you to act without thinking. If you’re being rushed to take action, exercise caution.
  • Spoofs: if an email address almost looks like one you trust, this might be a spoof ([email protected] vs [email protected]). Scrutinize sender email addresses and phone numbers.

If you receive a phish, forward it to the Information Security team at "[email protected]"   For additional information, please see our webpage on Reporting Suspicious Emails and What is Phishing?.


Mysterious removable media

Cybercriminals love to prey upon your natural curiosity. That lost flash drive you found in the parking lot outside the office may be pre-loaded with malware and planted there in hopes you’d wonder what’s inside and plug it into a work device.

Parking lots aren’t the only danger zone; cybercriminals are craftier than that. The United States Federal Bureau of Investigation warns against USB drives delivered through the mail. Cybercriminals may even sell malicious devices to you through an e-commerce platform such as Amazon. (Pro-tip: be cautious of products priced drastically lower than credible competitors).

Bottom line? If you aren’t sure where a removable device is coming from, be it a flash drive, a removable hard drive, or a computer mouse … don’t plug it in.

Public Wi-Fi & USB ports

In the last few years we’ve become more mindful of germs in public spaces, but what about cyber threats? Communal areas are a cybercriminal’s favorite because they make it easy to infect the devices of entire groups of people at once.

Never connect to public Wi-Fi if you can help it. Cybercriminals can use a network to infect the devices of anyone connected. Instead, use your own cellular data or hotspot. If you must connect, VPNs can offer another layer of protection.

If you anticipate needing to charge your mobile device while out and about, bring a charging block with you so you can connect straight to an electrical outlet. Public USB ports such as charging stations can be pre-loaded with malware such as ransomware.



If your device does end up infected with ransomware, your best option is to wipe it (re-format it) and reload your lost data from a backup. This will prevent the loss of your files and make it unnecessary to hand money over to a cybercriminal.

For personal devices, experts recommend using a cloud service. Your files will stay up-to-date automatically, so you won’t need to manually reupload them every time a change is made.

For UVA-owned work devices, if your department LSP has a backup plan, participate.  If not, then ask your LSP about backup software such as CrashPlan from ITS. (If you do not have an LSP, please contact [email protected]). If yoiu have a Macintosh computer, use Time-Machine, built-in backup software.  For individual files and folders, use UVaBox and/or OneDrive.


Is it ethical to pay a ransom?

If you suspect or are a victim of ransomware, you must report it to University Information Security within within one (1) hour from the time the incident is identified. Report the incident at the "Reporting a Security Incident” webpage (preferred) or by telephoning (434) 924-4165.  University Information Security will advise you how to proceed.  

It’s largely considered unethical to pay a ransomware ransom, as it incentivizes cybercriminals to continue with these types of attacks. After all, if it wasn’t profitable, cybercriminals wouldn’t waste their time. It’s worth noting that even if you do decide to pay the ransom, there’s no guarantee the criminals will hold up their end of the bargain.

However, as with any question involving ethics, the answer isn’t always clear. Some questions of ransom payment exist in a more morally grey area. Hospitals, for instance, present a matter of life and death when ransomware prevents them from properly caring for their patients.

Ransomware may be on the rise, but we have a secret weapon - you. The better we all understand how to prevent ransomware from spreading and what to do in the case of an attack, the less profitable it will be for cybercriminals. You are our first line of defense against cyber attacks. The University - and the world - is counting on you to help stop the spread of ransomware.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form