Malware & Ransomware

You will seldom see a newscast that doesn't include something about the latest cybercrime activity -- leaked emails, viruses, stolen funds and more. You can take practical steps to protect yourself, and this page will give you an idea of what you're up against.

Malware

Malware is short for "malicious software." It is a program or file designed to be disruptive, invasive and harmful to your computer. Types of malware include viruses, spyware, adware and worms. Malware frequently strikes the Ohio State campuses, causing varying degrees of trouble. It is most frequently transmitted through e-mail attachments, Instant Messages (IM), peer-to-peer downloads, phishing and misleading web sites. Virus outbreaks cause harm by destroying data on infected computers and/or by increasing network traffic by triggering e-mail messages that carry the virus to all e-mail addresses in an address book or a random combination of addresses. If viruses are not halted quickly, the flood of e-mails can swamp university servers, disrupting e-mail service for all. Virus software is identifiable by its actions and many tools are in place to combat this threat to your computer. You can also employ additional security.

Ohio State's Central E-mail Antivirus Protection

Ohio State's central e-mail system pre-scans all messages for known computer viruses and discards those found to be infected. However, virus detection and elimination is still an individual responsibility, because scanning the central system is only the first step in eradicating viruses and malicious programs.

Individual Preventative Measures

With a little bit of effort, you can protect your computer and help the university avert more wide-ranging problems. Follow these steps to prevent problems or to deal with viruses if your computer becomes infected.

  • Install antivirus software on your university-owned computer.
  • Keep your virus definitions up-to-date, even if there's no report of a new virus.
  • Don't open or execute unexpected attachments.
  • Turn off the preview feature in your programs for added protection.
  • Also turn off any program features that may automatically open an e-mail, Instant Message, attachment file or download.

Ransomware

Ransomware is a type of malware that is designed to block access to all or part of a computer system until a sum of money is paid. Because attackers are looking to maximize their payday, the targets are typically larger entities (departments, colleges, businesses) that not only are likely to have the funds, but also experience a significant loss when they cannot access their systems. However, individuals are still a target of ransomware because they can be a doorway into an organization’s systems.

When it comes to preventing or detecting ransomware, there is no silver bullet. However, you can use some of the following techniques to help prevent and detect ransomware, which may help minimize your risk of getting malware.

Limit access to network file shares

Only allow the level of access required by the user’s business function. Limiting access to network file shares will prevent a computer infected with ransomware from spreading it to other computers on the network.

Keep things updated

Make sure all applications are up to date. Outdated applications that don’t have the most recent security patches are vulnerable to ransomware and other malware.

Disable Microsoft macros

A macro is a set of commands that are automatically run when a file is opened.  One way to infect a computer is to include a malicious macro in a file that users might download. When macros are turned on, the harmful macro may automatically run when you download the file.  Turning off macros can remove this risk and help protect against ransomware and other malware. To disable macros in Microsoft Office 2016 products:

  1. Open the Microsoft application/program (ex: Word, PowerPoint, etc.).

  2. Go to the File tab and select “Options.”

  3. Go to the “Trust Center” tab and select “Trust Center Settings.”

  4. In the “Macros” tab there are the options for macro settings.

  5. Select “Disable All Macros with Notification”; this disables all macros and alerts the user if a macro is present in the file.
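
The same setting can be checked and applied from PowerShell. The script below is an added example, not part of the original page: it assumes Office 2016 stores the Trust Center choice in the per-user registry value VBAWarnings under the 16.0 key, and the function names Get-MacroSetting and Set-MacroNotification are illustrative.

```powershell
# Added example: audit the Office 2016 (16.0) macro setting for the current user.
# VBAWarnings values: 1 = enable all macros, 2 = disable all with notification,
# 3 = disable all except digitally signed, 4 = disable all without notification.
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string[]]$Apps = @('Word', 'Excel', 'PowerPoint'))
    foreach ($app in $Apps) {
        # A Group Policy value, when present, overrides the user's own choice.
        $paths = [ordered]@{
            Policy = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
            User   = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
        }
        $source = 'Default'; $value = 2   # Office behaviour when nothing is set
        foreach ($name in $paths.Keys) {
            $item = Get-ItemProperty -Path $paths[$name] -Name VBAWarnings -ErrorAction SilentlyContinue
            if ($null -ne $item) { $source = $name; $value = [int]$item.VBAWarnings; break }
        }
        [pscustomobject]@{
            App     = $app
            Source  = $source
            Value   = $value
            Setting = $Meaning[$value]
            AtRisk  = ($value -eq 1)      # macros would run with no prompt
        }
    }
}

# Applies step 5 above ("Disable All Macros with Notification") for each app.
function Set-MacroNotification {
    param([string[]]$Apps = @('Word', 'Excel', 'PowerPoint'))
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 2 -Type DWord
    }
}

Get-MacroSetting | Format-Table -AutoSize
```

Running the script only reports the current state; call Set-MacroNotification separately to change it. A row whose Source is Policy is managed centrally and will not be affected by the per-user value.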

Use a good antivirus tool

An antivirus is a tool that helps to detect and remove malware from your computer.  You should keep an updated antivirus. If available, you should leverage a suite of antivirus tools, such as:

  • Host Intrusion Prevention System (HIPS): HIPS monitors your computer and watches to make sure no major changes are made.  If a change is made, HIPS blocks the action and raises an alert.

  • Behavior-Based Scanning: Behavior-Based Scanning monitors files for any irregular activity, based on how the risk threshold is configured. Risk threshold rules define what actions should be monitored and raise an alert when these actions occur.

Symantec Endpoint Protection Suite, which Ohio State also offers to colleges and departments, includes a number of these tools. To get the Symantec Endpoint Protection Suite, contact your IT department.

Consider using Microsoft Enhanced Mitigation Experience Toolkit

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a free software tool that helps to prevent vulnerabilities in select applications from being exploited.  It does this by putting mitigation technologies on applications selected by the user, blocking against potential exploitation. A few examples of mitigation technologies are spam and antimalware filtering, e-mail encryption and web application filtering.

Protect your department with whitelisting 

A whitelist is a list of entities that are allowed by the user. This is the opposite of blacklisting, which is a list of entities that the user doesn’t allow onto their system. Whitelisting can include emails, LANs, and applications. Ohio State offers the Symantec Endpoint Protection Suite, which includes a whitelisting tool. Contact your IT department to get the Symantec Endpoint Protection Suite and the whitelisting tool.