In a momentous week in cybersecurity, international law enforcement officials took down two significant criminal enterprises: the Emotet botnet and the NetWalker ransomware ring. Emotet had more than a million PCs harnessed for malicious purposes, and Netwalker extorted more than $27 million from its victims, including the University of California.

Cyberspace is safer, but Netwalker represented only a small part of the active ransomware threat, and other botnets grow daily. Vigilance against phishing and regular backups are the best defenses against an increasingly sophisticated threat.

Active defenses, including network intrusion detection and anti-malware, can protect against some ransomware, but advanced criminal enterprises regularly produce malware that bypasses detection. That's why a good, regular backup is the best defense against ransomware.

  • Back up your PC and server-based datasets regularly. Malware disables automatic capabilities like Windows shadow copies, so you can't solely depend on them. 
  • Always detach backup media after each backup. Ransomware actors will destroy connected backups before encrypting files.
  • When practical, two backups are better than one. Consider backing up to a cloud service and keeping a local offline copy.

Consider online solutions like Google Workspaces or Microsoft Office 365 as alternatives to PC-based solutions for office productivity tools. These services store files in replicated data centers, and these systems permit the creation of multiple versions to track the history of a document. Both Google and Microsoft allow for downloading files for offline editing.

Large datasets like those found in research pose particular challenges. Consult your IT support staff to explore alternatives. Databases that support UCSB’s operation must be backed up to enable restoration from either a natural or human-made disaster, including ransomware.

To report ransomware or other malicious activity on your device, contact security@ucsb.edu or follow the instructions here.