Increased Risk: Malware and Ransomware

The National Cyber Security Centre has just released some guidance on a new(ish) trend of malware and ransomware attacks specifically affecting public and private sector institutions. Without going into the boring details (although, if you want those, please head down to the bottom of this post!), the latest spate of attacks isn’t necessarily targeting institutions directly, but rather targeting those who search for information about those institutions. Which, in the context of what we do, means students, potential students and the general public. The way it works is: when someone searches the web for information about a specific topic, the web results may show a very high match and take them to a dodgy site that says, ‘Hey, download this file! It contains all the information you want!’ Except it doesn’t. What it contains is a bit of software that goes out and downloads OTHER software that then locks every single important file on your computer, your cloud and maybe on your whole network, depending on how you’re connected. It’s more important than ever to be wary of anything that comes up on the internet. Below, I’ve listed a few simple guidelines that can help you potentially save yourself some stress and heartache, as well as some resources about the particular malware we’re being warned about.

1. Be sure to have at least two backups of your important data. One on the cloud and one on some form of external media (hard drive, memory stick, clay tablets… Hey, I don’t judge!)
   1. As a corollary, if you can afford it or if you otherwise have access to a paid version of cloud storage, please use that in preference to a free version. Paid versions of cloud storage usually have a separate backup facility that allows you to recover deleted or corrupted or ransomed files for up to 30 days. For what it’s worth, using your @cam account for Microsoft OneDrive gives you, effectively, a paid-for OneDrive account by dint of being a student or employee of the University of Cambridge.
2. When searching for information via Google, Bing, DuckDuckGo, etc., make sure – before you click on any results – that the web site you’re going to at least has a general resemblance to a topically-related web site. If you’re looking for information on “Cats and dogs, living together” (Mass hysteria!) and a website comes up that says it’s not only got your EXACT search term, but the URL is something like (i.e. the URL has nothing to do with cats or dogs except for the last bit, which exactly matches the search term) – be suspicious. If it’s … well, then it’s probably ok. PROBably.
   1. ALL search engines I’m aware of should show you a longer version of the link you’re clicking, either just above or just below the link; even on your phone. This is where you find the information, as above, on the URL you’re clicking.
3. Don’t click on search result links that are PDFs or Word Documents (or Excel or OpenOffice or anything like that) unless you expect that link to be a PDF or a Word document, etc. If you’re searching for info on, to reuse the above, “cats and dogs living together”, and you get a URL that is: – be suspicious.
   1. Again, as a corollary, don’t open any unexpected PDF or Doc/Docx files in your email, either; even from people you know.
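For the more technical reader, the two URL checks in guidelines 2 and 3 can be written down as a small triage script. This is an added example, not code from the original post or from the NCSC; the sample URLs are constructed (the `.test` domains are not real sites), and the document extension list is an assumption you can extend.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlparse

# File types the post tells readers to be wary of in search results (assumed list; extend as needed)
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".odt", ".ods"}


def _tokens(text):
    """Lower-case words from a URL part or search query, split on anything non-alphanumeric."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if t}


def assess_result_url(url, search_query, expecting_document=False):
    """Return the reasons a search-result URL matches the post's warning signs (empty list = none).

    Heuristic A (guideline 2): the last part of the path echoes the exact search term, yet the
    domain itself contains none of the meaningful words from that term.
    Heuristic B (guideline 3): the link points straight at a document file the searcher did not
    expect. Both are prompts for a second look, not proof that the site is malicious.
    """
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    last_segment = parsed.path.rstrip("/").rsplit("/", 1)[-1]

    # Words of four letters or more; "and", "the" etc. say nothing about a domain's topic
    meaningful = {t for t in _tokens(search_query) if len(t) >= 4}
    if meaningful and meaningful <= _tokens(last_segment) and not any(t in host for t in meaningful):
        reasons.append("path echoes the exact search term but the domain is unrelated to it")

    suffix = PurePosixPath(parsed.path).suffix.lower()
    if suffix in DOCUMENT_EXTENSIONS and not expecting_document:
        reasons.append(f"result links straight to a {suffix} file")
    return reasons


if __name__ == "__main__":
    # Constructed sample result URLs, as a reader might see them under a search result
    query = "cats and dogs living together"
    for sample in [
        "https://www.catsanddogs.test/guides/living-together/",
        "https://www.example-plumbing.test/cats-and-dogs-living-together/",
        "https://www.example-plumbing.test/cats-and-dogs-living-together.docx",
    ]:
        print(sample, "->", assess_result_url(sample, query) or ["looks ordinary"])
```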

As much as I have fun writing up silly search terms and things, this is all really important and is a huge part of being safe on the Internet. Like many types of modern malware, the infection vector of this particular threat is reliant on people clicking infected files and running them. The biggest way to stop the spread of this sort of malware is through education. I know it’s not the most fun part of being on the Internet, but it’s important. Please do take a look at the following links and resources.

And, for people in Cambridge, if you’re unsure about an email, an attachment to an email, a link, or anything else IT-wise, send it along to me (computing@english) and I’ll help you! :)

(and, for the really very curious, the specific details from the National Cyber Security Centre about the new(ish) attacks on public and private institutions are related to malware called GOOTLOADER, which is a bit of software that basically installs itself when you visit an infected web site, downloads some other software that will encrypt your files, and sends you a ransom note. More info about GOOTLOADER from SecurityWeek and a bit more for the layperson from Blackberry Security and then a really in depth report on how the infection has worked and changed on the Mandiant blog.)

As always, this post is intended for the self-described non-technical person. If you have any questions or specific concerns about anything I’ve talked about or if you’re unsure why I’ve phrased something a specific way, please do get in touch!