Ransomware

Brown has recently experienced some ransomware attacks, including one that affected a Biomed lab. Investigators and lab staff should take proper precautions against these attacks in Biomed labs, where computers are shared among multiple people and/or connected to lab instruments. Please observe the following practices:

  • Don't store any data you wouldn't want to lose on the computer's hard drive. Use a network share or Google Drive instead. These are both backed up multiple times per day. Data on the computer's hard drive is likely to be lost if the computer is infected.
  • Avoid using computers attached to lab equipment for email or general web browsing. If the computer gets infected and has to be rebuilt, you will lose the use of the equipment while this is done.
  • Uninstall unnecessary plugins or make them ask permission to run (instructions here). Ensure plugins such as Flash or Java are configured to update themselves automatically. If you run software that requires an older plugin version (common with Java), attempt to update or replace that software.
  • We recognize that software is often shared by investigators working in the same field. But be careful about what software you download and be sure you know where it comes from. If you don't know its developer and it's not a well-established product, perform a web search on the software's name and see if any malware complaints pop up.
  • Ensure that all computers are running antivirus software and that it is updating itself regularly, at least once every few days. This is important for Macs as well as PCs--ransomware has been seen on Macs. Antivirus software is available at no charge for both Brown- and personally-owned computers at software.brown.edu.
  • If you use a flash drive, scan it regularly with your antivirus software. 
  • Configure Microsoft Office software not to run macros (instructions here). If a document requests that you enable macros, don't do it unless you have rigorously checked its legitimacy.
  • On Windows, be sure System Restore is active. To check this on a Windows 7 computer, right-click Computer, then click Properties->System Protection. In the window that opens, check the Protection Settings and ensure that protection is set to On. 
  • Be suspicious of vague or unusual requests from people who may have you in their contact lists: for example, an email from someone who seldom emails you requesting that you "review the attached document". The sender's machine may be infected with malware that is attempting to spread to you. This type of incident has become very common at Brown.
  • If you notice any unusual activity--particularly filenames you don't recognize or windows that suddenly open mentioning encrypted files--disconnect your computer from the network (wired and Wi-Fi), shut it down, and contact us immediately.

Remember--if a computer becomes infected it will need to be completely reformatted, deleting any data that was not backed up.

The Biomed Computer Services Office is dedicated to serving the needs of the Biomed Division's researchers. Please feel free to contact us at biomed_CSO@brown.edu or 3-2464 with any questions or concerns about your lab's computers.