Skip to main content

Ransomware is a variety of malware that encrypts users’ files, accompanied by a demand for payment – often in Bitcoin – in order to recover the encrypted data.  Recent news stories have highlighted universities and even entire cities having their core business systems encrypted and rendered inoperable by criminal hackers. This month, the cities of Pensacola and New Orleans suffered ransomware attacks that greatly impacted public services. Last week, a community college in Louisiana was forced to shut down its servers to investigate a ransomware attack. As a result, college staff had to input students’ grades and process enrollments manually. Other universities around the country have suffered data breaches and ransomware attacks that exposed them to significant data recovery or ransom costs. According to an industry study, more than half of organizations in the education sector have seen an increase in phishing with malicious links or attachments in the last year.

The Information Security Office requests your help to keep our systems – and your data – secure:

  1. View unexpected emails with suspicion, and don’t open attachments without verifying with the sender via a trusted phone number or in person.
  2. Remember that a sender’s email address may not be genuine. Be especially suspicious of messages not from a ucf.edu address claiming to be from a UCF employee.
  3. Secure systems based on University security standards (e.g., Standards 102 and 103):  https://infosec.ucf.edu/security-standards/ .
  4. Ensure your system is running an antimalware program that is updated regularly.
  5. Ensure you have a current backup of your data; test data recovery from backups.
  6. Follow UCF Policy 4-008 on the proper storage of Restricted and Highly Restricted data:  https://policies.ucf.edu/documents/4-008.pdf .
  7. Set strong passwords, and use a unique password for each account.
  8. If an email seems suspicious, report it using the Outlook Phish Alert Button or by forwarding it as an attachment to SIRT@ucf.edu .
  9. If your system displays a ransom notice, immediately contact SIRT and do not pay the ransom until InfoSec has conducted an evaluation.

For more information about phishing and how to report suspicious emails, please visit our site:  https://infosec.ucf.edu/awareness/phishing/ .

We all share responsibility for protecting the data that UCF collects, stores and processes.  If you have any questions about information security, please contact our office at infosec@ucf.edu.