Ransomware: What Is It and How Does It Happen?

While new cyber threats, like deepfake phishing and MFA bombing, are on the rise, older types of threats remain a big danger. Understanding what these threats are is vital to protecting your personal data and UF’s digital environment.

A particularly damaging threat is ransomware — a type of malware that prevents users from accessing their device and the data stored on it. This is usually done by encrypting the files on that device—it can happen on your smartphone, laptop, or PC. The malware is typically introduced through a traditional social engineering scam like phishing. Ransomware attackers claim that if the user pays some amount of money — a ransom — then the attacker will provide the decryption key needed to restore the data. In reality, the hacker may or may not provide that key…even after the victim pays.

If losing access to your data is not bad enough, ransomware attackers often steal copies of the data before they encrypt it and then threaten to release what they’ve found unless the victim pays the ransom. Think about what it would mean for someone, somewhere, to have your personal photos, emails, and documents stored on your device.  Even if you paid to get them back, a year or more later the ransomware attacker could come back and threaten you again with an extortion demand or just decide to put everything they stole from you on a website.

According to Verizon’s 2024 Data Breach Investigations Report, email is one of the most common methods for attackers to carry out “system intrusion” attacks, like ransomware and extortion. Recognizing the signs of phishing, such as strange email addresses, urgent and unusual requests, and suspicious links, can help protect you from a ransomware attack. Regularly backing up the files on your computer to a cloud or external drive can also be helpful if you fall victim to an attack.

UFIT offers several options for cloud file storage at no cost for faculty, students, and staff through the GatorCloud. To learn more about how to back up your entire computer, with both cloud and local options, visit https://security.ufl.edu/learn-security/protect-my/computer/#backup.

Understanding Social Engineering

Social engineering is the term for exploiting human psychology, rather than traditional hacking techniques, to gain access to buildings, systems, devices, or data. For example, a social engineer might call a UF phone number and pose as an IT support person, trying to trick the employee into divulging passwords. David Maurer in The Big Con writes of 1940s confidence [con] men and how they gained the trust of victims. It’s the same in the 2020s: social engineers want to seem believable whether by email, phone call, text, or in person–they gain the victim’s trust to get what they want. Two types of social engineering techniques are employment scams and tailgaiting:

1. Employment scams are plentiful, and many, if not most, students have received an email advertising a 10 hour per week campus job earning $350 per week. Think twice before clicking on the links in an email advertising a job you didn’t inquire about.
2. Tailgating is when someone enlists your help to gain unauthorized building access. An example is when a person with an armful of packages asks you to open the door with your UFID card since they can’t reach theirs. You naturally want to be helpful, but someone now has access they shouldn’t.

UFIT is launching an updated social engineering webpage this spring. In the meantime, if you suspect an email you receive in your GatorMail may be phishing, report it to abuse@ufl.edu. And remember, Gators…be aware of who you are letting access UF residence halls, academic buildings, and other secure campus spaces.

Campus-Wide Message: Ransomware and Phishing

Vice President and CIO Elias Eldayrie emailed all UF faculty, students, and staff this morning with facts about ransomware and phishing. Eldayrie also listed some key success indicators for securing campus, like a decrease in compromised accounts and the increase in reporting potential phishing emails, made possible because of the campus’s buy-in and involvement on cybersecurity issues. The statistics Eldayrie shared are:

Unauthorized Account Usage
Since implementation of multi-factor authentication, UF has seen a 99.7% decrease in compromised accounts
Phishing
Since installation of the phish alert button into GatorMail, faculty, students, and staff have reported more than 14,500 suspicious emails, leading to fewer successful phishing attempts
IT Security Risks
Since launching the new risk assessment process in 2016, 5,200+ risk assessments have been submitted by faculty and staff prior to technology purchase, allowing for review of security gaps and risk

UFIT engages in year-round training and outreach to help UF better understand information security risks, like what to look for before clicking on links in emails–especially those with the [External Email] banner. President Fuchs also recorded a video about ransomware and phishing to support outreach efforts. View the President’s video here.

Additional resources to help our campus community securely teach, learn, research, and conduct university business are listed on https://security.ufl.edu/resources/.