Beware of malware and ransomware attacks and take preventive measures
You are here
Dear Staff/Student
This article rides on the previous article of https://dicts.mak.ac.ug/articles/end-main-stream-and-extended-support-windows-os that was sent in the recent past about malware and ransom-ware attacks and we need to take preventive measures before we are caught unaware. Some of the recent ransom-ware attacks that have ravaged the cyberspace include WannaCry whose success was due to architectural deficiencies in the Windows 7 operating system which Microsoft intends to phase out completely.
Recently, another Petya-ransom-ware hit the cyber-space by encrypting data files and asking users to pay a ransom in order to decrypt their files (make readable).
WHY SHOULD I BE CONCERNED ABOUT RANSOMWARE?
Like I said before, users will mostly be responsive when they get hit!
Unfortunately, with these aggressive ransom-wares that have cost organisations huge data losses, you don't want to be part of the "experience" because chances of recovering/decrypting your data are rather slim. Therefore, all necessary preventive measures should be taken to avoid being infected.
WHAT SHOULD I DO THEN?
DICTS, en-devours to do it's best (within the available means) to secure the backbone network from intrusion, however this can never be full-proof security but rather mechanisms employed to further reduce risks or likely attacks and intrusions on the network and is a continuous process given that the nature of attacks and their intensity keeps evolving.
Whilst this is being done on the DICTS end, it's very important that end-users who are normally the weak link due to lack of awareness, are not duped by online fraudsters into giving away key information that can be used against them. Therefore, you are advised to take the following preventive measures in order to safeguard your computer and data.
1) Do not click links in emails whose source you are not sure about.
Some of these links are embedded with malicious code that is likely to damage your data and software on your computer.
2) Do not download email attachments from unclear sources and this also goes for any downloads. Avoid downloads from websites that are not secured/encrypted (https://). If the website you are downloading from lacks the "s" (http://) you may want to avoid downloads from it. If your bank website or any other website that permits e-transactions is not secured (https://), please steer clear of that website as it might only be a fake replica of the real thing! All websites that permit e-transactions are secured as a must.
3) Do not simply connect to open WiFi services in parks, cafes etc.
These are hot beds through which the unsuspecting user can be attacked.
Also turn off WiFi, Bluetooth on mobile devices if not being used as this not only saves on your battery power but also reduces the risks of intrusion.
4) Make sure the operating system version you are using is genuine and supported by the developer. Since most desktops and laptops run on the windows platform, it's important that you pay attention to support updates from Windows (see details in earlier email below).
5) Keep operating system updates (hot-fixes and patches) running in the background. Some of these are security fixes while others fix functionality glitches in the operating system. It's important that you keep these running.
6) Install a security solution/antivirus. The University provides Sophos for all users,please liaise with your unit ICT administrator for installation of Sophos on your computer.
7) Always back-up your data. Take advantage of the several free cloud storage solutions to back-up your data.The importance of a back-up is realized once you loose your data. Use services such as the GoogleDrive, DropBox,icloud,OneDrive etc.
8) ICT personnel should particularly pay attention to the "risk mitigation" and "work-around" details in the attached document for information on how to prevent or recover from a ransom-ware attack.
Please implement and adhere to given preventive guidelines above for the safety of both personal and institutional data and computing facilities.
Should you encounter difficulties in implementing any of the suggested measures, please liaise with your unit ICT administrator for support.
Kindest Regards, Mugabi Samuel
