
Information Security at the University of Hawai‘i

Avoiding Ransomware Attacks

Ransomware poses a major threat to everyone, leaving people vulnerable to information and privacy losses, identity theft, and extortion. Ransomware is a type of malware designed to encrypt users' files or lock their operating systems, making most files unreadable or even making the whole device unusable so attackers can demand a ransom payment. One recent widespread ransomware attack, called WannaCry, used a Microsoft Windows exploit to distribute itself across worldwide networks, infecting hundreds of thousands of devices. According to a 2016 Symantec report, the average ransom demand is almost $700 and "consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016."

Most ransomware comes in the form of a malicious URL or attachment in an email, where sophisticated social engineering techniques are used to entice users to take the desired action. Examples include:

  • an embedded malicious link in an email offering a cheap airfare ticket;
  • an email that appears to be from Google Chrome or Facebook inviting recipients to click on an image to update their web browser;
  • a well-crafted website that mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

To avoid becoming a victim of ransomware, users can follow these tips:

  • Delete any suspicious emails. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious. If in doubt, contact the alleged source by phone or by using a known, public email address to verify the message's authenticity.
  • Avoid clicking on unverified email links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan or WannaCry).
  • Use email filtering options whenever possible. Email or spam filtering can stop a malicious message from reaching your inbox.
  • Install and maintain up-to-date antivirus software. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
  • Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often - or, if possible, set up automatic updates - to minimize the likelihood of someone holding your computer or files for ransom.
  • Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don't have to pay the ransom to access locked files.

STOP. THINK. CONNECT. I back up my digital life! Making copies of my pictures, videos, and valuable documents is just common sense. www.stopthinkconnect.org

Source: STOP. THINK. CONNECT. I Back Up poster



Annual Personal Information Survey and Server Registration

Personal Information Survey

As required by State law HRS 487N-7 (http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487N/HRS_0487N-0007.htm), any Personal Information System (regardless of whether it is paper-based or electronic) needs to be reported. For the University of Hawaii, that information needs to be recorded in a Personal Information Survey.

"Personal information" is defined as having an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

  1. Social security number;
  2. Driver's license number or Hawaii identification card number; or
  3. Account number, credit or debit card number, access code, or password that would permit access to an individual's financial account.

Server Registration

As required by University Executive Policy E2.214 (http://www.hawaii.edu/policy/e2.214), ALL servers operating on the University network must be registered and regularly scanned for sensitive information and vulnerabilities.


US-CERT Vulnerability Alerts

The United States Computer Emergency Readiness Team (US-CERT) provides the latest updates about current threats and vulnerabilities. You can subscribe to their feed to get the latest updates about ongoing vulnerabilities and other cyber threats.

Visit https://www.us-cert.gov/ to learn more.


Don't Fall for Phishing:
Stop. Examine. Ask. Report.
S.E.A.R. the Phish
