What to do if you come in contact with ransomware:
- Get the device OFF the network immediately (disconnect the network cable or turn off the wireless antenna)
- Remove any external devices.
- Change ALL your passwords to something totally different from your previous passwords. DO NOT RECYCLE PASSWORDS from your University account on other systems such as Facebook.
- Contact IT-EntSec and either Brent Mehring or Vicki Harpe.
- Contact your department's technical support person (Tier 1).
- Ensure that all essential data is backed up to multiple devices (this malware “can” spread to other drives including network drives) therefore external storage should be considered and backed up frequently.
- Ensure that you have the spam filtering rules applied to your email account to prevent phishing and other bogus email from being delivered to your Inbox. For instructions see the following (PDF)
- Validate that your machine has current virus protection installed. (This should be Windows Defender on University owned Windows systems.)
- If you do receive a suspicious email please enlist technical assistance before taking any action (including clicking on links, or replying).
- If you suspect that it is possible that you have come in contact with a bogus phishing scam or virus change your password to something totally different from your previous password. DO NOT RECYCLE PASSWORDS from your University account on other systems such as Facebook.
- Several security risks are also associated with old versions of Java, and Adobe products. Please ensure that you are running the latest version of both by going directly to the company web sites for updates. If you come in contact with this virus and you see the following screens, first disconnect the network cable or turn off the wireless antenna immediately, and remove any external devices. Then contact your departments technical support person immediately.