Ransomware: What Is It and How Does It Happen?

While new cyber threats, like deepfake phishing and MFA bombing, are on the rise, older types of threats remain a big danger. Understanding what these threats are is vital to protecting your personal data and UF’s digital environment.

A particularly damaging threat is ransomware — a type of malware that prevents users from accessing their device and the data stored on it. This is usually done by encrypting the files on that device—it can happen on your smartphone, laptop, or PC. The malware is typically introduced through a traditional social engineering scam like phishing. Ransomware attackers claim that if the user pays some amount of money — a ransom — then the attacker will provide the decryption key needed to restore the data. In reality, the hacker may or may not provide that key…even after the victim pays.

If losing access to your data is not bad enough, ransomware attackers often steal copies of the data before they encrypt it and then threaten to release what they’ve found unless the victim pays the ransom. Think about what it would mean for someone, somewhere, to have your personal photos, emails, and documents stored on your device.  Even if you paid to get them back, a year or more later the ransomware attacker could come back and threaten you again with an extortion demand or just decide to put everything they stole from you on a website.

According to Verizon’s 2024 Data Breach Investigations Report, email is one of the most common methods for attackers to carry out “system intrusion” attacks, like ransomware and extortion. Recognizing the signs of phishing, such as strange email addresses, urgent and unusual requests, and suspicious links, can help protect you from a ransomware attack. Regularly backing up the files on your computer to a cloud or external drive can also be helpful if you fall victim to an attack.

UFIT offers several options for cloud file storage at no cost for faculty, students, and staff through the GatorCloud. To learn more about how to back up your entire computer, with both cloud and local options, visit https://security.ufl.edu/learn-security/protect-my/computer/#backup.

Improving Technologies Make Impersonation Scams More Effective

Most of us have received phishing emails in our inbox and smishing messages on our phones impersonating people or companies we trust. According to the US Federal Trade Commission (FTC), consumers lost $1.1 billion to these types of social engineering scams in 2023. That is three times more than in 2020, with strong growth expected now that artificial intelligence (AI) technologies can be used to make phishing communications more convincing. 

We have often been able to spot these impersonations by noticing non-standard language in sentences, grammatical errors, or messages that don’t seem to apply to the situation. But as AI tools improve, scammers can use them to rapidly create very convincing messages that lack the tell-tale signs we’ve become accustomed to spotting. It is even possible to use so called deepfake tools to create convincing audio and video of someone speaking – using only short clips of the real person speaking.  

Here are other clues to help identify impersonation scams:  

  • Verify the source. Check the email address the email was sent from, and if a suspicious email comes in to your GatorMail email, double-check whether the message is flagged in red as [External Email]. On your phone, smishing messages often appear to come from an email address rather than a phone number. 
  • Check with the sender. Impersonation scams often want to give you the impression that the real person being impersonated is not available, which is why they need you to quickly take some action for them. But it doesn’t hurt to give the real person a call or send a message to verify, because if they answer, it was probably a scam! Do not hit ‘reply’ or ‘redial.’ Instead, look up the person in your contacts or find a reliable contact for companies independently (such as calling the phone number on the back of your credit card if you get a text purportedly coming for your bank) 
  • It’s a good idea to agree on a way to authenticate communications with people ahead of time, such as by creating a ‘code word’ that family members can use if they are really in trouble.  

If you find yourself the recipient of an impersonation scam, you should report the fraud to the FTC. This helps federal investigators stop scammers before they can reach more people. 

For more information on impersonation scams, visit https://security.ufl.edu/learn-security/.

Phishing vs. Spam

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to scam personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link at the bottom of the email (usually in small text) of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.


The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the top reported cybercrime to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme amongst malware and phishing attempts is malicious links and the attacker’s use of personally identifiable information that tricks you into giving your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Help UF Win the Cyber State Championship!

The Cyber Bowl is back! To spotlight Cybersecurity Awareness Month, UF has challenged nine other Florida universities to beat us on the virtual football field. The 2023 Cyber Bowl is an online competition, held Oct. 9 – Oct. 20. The Gators are competing for the title of State Champions against Florida State University, the University of Central Florida, the University of Miami, Florida Gulf Coast University, University of West Florida, University of North Florida, Florida International University, University of South Florida, and New College.

The Cyber Bowl consists of five questions, each related to social engineering. So, how do the Gators win?

The university with the highest percentage of faculty, students, and staff game players (based on their population number for each affiliation) wins. All that’s needed to register your entry in the game is a valid UFL.EDU email address. Every participating university is answering the same five questions. Just for playing in the Cyber Bowl, you’ll be entered to win a pair of tickets to the sold-out Florida-Florida State game on Nov. 25! UFIT will randomly select the winner from all game entries after the Cyber Bowl ends. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions.

To play, visit cyberbowl.security.ufl.edu anytime between Oct. 9 – Oct. 20 and answer the questions. Make sure to enter your GatorLink credentials at the end of the game, so your entry is counted for UF. Thank you for participating in this year’s Cyber Bowl… and GO GATORS!

Why You Should Delete Old Apps and Files

We store everything in our phones–saved media, files, and data stored inside apps. While this makes it convenient to document our life on social media or quickly retrieve a class file, it can also slow down your iPhone or Android device.

Even worse: A phone with tons of data and images stored on it is the holy grail for cybercriminals, who can hack into it and ransom your photos and personal information (like credit card numbers stored in an app) back to you. They can steal your identity and go shopping with your credit card or PayPal balance. They can decide to sell your data on the dark web. Whatever they do will severely disrupt your life. In addition to making sure you
use a strong password on your phone, it’s a good idea to delete any apps from your phone that are obsolete for your life now.

Your device will also run faster if unused apps and files are deleted. Most phones will list when you last visited each app. Did you download an app for a class or for a trip taken last year? If you don’t need it, delete it! Also, relocate content from your phone to an external storage service. Did you know that faculty, students, and staff get 5TB of OneDrive storage? Take advantage of this highly secure free cloud service today! Contact the UFIT Help Desk if you need assistance using OneDrive.

Protecting Your Smartphone

Mobile malware is malicious software that targets mobile devices. Widespread ownership and constant daily usage of smartphones make them an ideal target for cybercriminals trying to steal personal information, money, or gain control of a device. Zimperium’s 2023 Global Mobile Threat Report notes a 53% increase in malware affecting cellphones in 2022.

Vulnerabilities in the operating system and activities such as rooting or jailbreaking are the most common means for getting a malware infection. Never jailbreak or root your phone, because the device’s built-in security controls will be disabled. And do not download third-party apps from outside official Apple and Android stores because they are not vetted for malicious content.

Stay cyber-aware, Gators! Did you know anti-malware software is available for most smartphones? Spend 20 minutes to better protect your phone – along with your money and personal information – by reviewing these webpages:

1. Visit UFIT’s ‘protect my mobile device page’ and learn about enabling encryption, turning on automatic updates, and more.
2. Use the Security Checkup feature in DUO’s mobile app to review your phone’s security settings.

Updated Info Security Training for 2023

Just in time for the new academic year! UF’s Information Security Office has updated its mandatory annual training. Faculty and staff will receive an email reminder on their one-year anniversary of their previous training completion date, but can take the training any time. There are six modules in the training and they take approximately 35-45 minutes to complete. Visit this page to take the training.

The number one cause for compromised GatorLink accounts is when a student, faculty, or staff member opens and responds to a phishing email.

Students can take the phishing module that’s part of the full training. The stand-alone phishing module is a great way to become better informed about how cyber-criminals operate. Now that you’ll be interacting with campus departments and faculty (who cyber-criminals will try to impersonate), students are strongly encouraged to learn how phishing works. Students can find the link to the phishing module training in the ONE.UF menu. The 15-20 minutes you invest in taking the phishing training can pay off in a big way when you learn how to spot and report malicious emails, instead of opening one and inadvertently bringing on a world of hurt on yourself…and potentially your university.

Increasing in Higher Ed: Malware Attacks

Malware attacks against higher education increased by 26% last year. With a reported 191+ million malware attacks in 2022 in the state of Florida alone, cyber-awareness is as important on college campuses as writing skills and advanced math knowledge. Cybercriminals frequently target universities through malware attacks to steal sensitive and restricted data, such as student and employee social security numbers, protected health information, and credit card information. Malware is malicious software or code that steals, encrypts, and/or deletes sensitive information after being introduced to a device through phishing emails, compromised flash drives, fraudulent websites, and peer-2-peer file sharing sites. According to SonicWall, the 10 most common malware file names are:

1. purchase order.exe
2. soa.exe
3. invoice.exe
4. swift copy.exe
5. quotation.exe
6. img-order-confirmation-pdf.exe
7. payment copy.exe
8. ziraat bankasi swift mesaji.exe
9. shipping documents.exe
10. new order.exe

If you receive what you think is a suspicious email or an email with one of these .exe files attached, do NOT open, reply, or click any embedded links or files. Report suspicious emails received in your GatorMail inbox using the phish alert button. Faculty, students, and staff can become better cyber equipped by taking the free training available through the UF Information Security Office.

ChatGPT: Guidelines for Campus Usage

Responses provided by the ChatGPT application can save time, but beware: the data you input or ask the app to develop may be retained and provided as responses to other users. ChatGPT users have very limited control over its use of the data provided to the app, and its parent company–OpenAI–does not currently offer a process to amend or delete entries submitted. UF’s Privacy Office and the UF Information Security Office want everyone in the Gator community to understand that putting data into ChatGPT or a similar service is equivalent to disclosing the data to the public.

ChatGPT is currently being assessed for regulatory concerns related to privacy and confidentiality of data. University of Florida data classified as sensitive or restricted is not approved for use with ChatGPT. Sensitive and restricted data includes:

Social Security Numbers
Education Records
Employee Data
Credit Card Numbers
Protected Health Information
Human Subject Research Data
Unpublished Research Data
Personally Identifiable Information

An assessment of ChatGPT has been added to the university’s technology solutions website: https://irm.ufl.edu/fast-path-solutions/items/chatgpt.html. Remember that all faculty, staff, and students share the responsibility of keeping UF information secure. Visit the Office of Privacy website for additional information on using ChatGPT.