As viruses and malware continue to evolve with the changing technology landscape, a new form of virus has hit millions of individuals in the past year. Ransomware is a type of destructive malware that can affect the files on your hard drive and mapped network drives by encrypting your files. Following encryption, the user is presented with a warning and asked to pay a ransom to receive the key to decrypt their files again.
Some of the more popular types of ransomware include Cryptolocker, CryptoWall, TorrentLocker, Locky, and Reveton.
When did it begin?
In October 2013, a new virus surfaced, commonly known as ransomware, that destructively attacks the files on your system. Ransomware is typically delivered by email, appearing as an important document or program from a reputable source (e.g. your bank, a shipping company, or even your employer). It can also be acquired by visiting unknown websites that appear to belong to legitimate organizations. After contacting a remote server, it generates a unique key for your computer and begins encrypting all common file types (such as .doc, .pdf, .html). Once encryption has finished, a ransom notice is displayed demanding that the user pay for the key needed to decrypt their files within a limited time frame.
What is UBC doing?
UBC regularly monitors its IT operations and updates its systems to protect against threats such as ransomware. In addition to ensuring we have up-to-date anti-virus software in place, our team monitors systems for threats and trends that may affect the university community. Sophos Anti-Virus, the campus-supported solution, protects against threats such as ransomware, as well as other viruses and malware.
Departments that utilize the UBC Mail Relays automatically filter all incoming messages that contain viruses detected by Sophos. FASmail and Student & Alumni Mailbox users are automatically protected by the mail relay filters.
If you are a system administrator looking for technical information on how to protect your department, see the Technical Information section below.
What you can do
Malware Protection and Endpoint Detection and Response (EDR)
Malware protection software is an important tool to help prevent cyberattacks.
UBC’s Information Security Standard U7, Securing Computing and Mobile Storage Devices/Media requires that approved Endpoint Detection and Response (EDR) software be installed on all UBC-owned desktop and laptop computers. It also requires that personally-owned computing devices used for University Business* have up-to-date malware protection software installed at all times, configured to update at least once per day.
Not every type of cyberattack can be prevented with malware protection software, but it can be a great asset when trying to prevent intrusion into a computer.
Email Attachments
Never open attachments from suspicious senders, or from messages whose files seem misleading. This virus in particular is known to disguise itself as a common PDF document by adding "PDF" to the file name. For more information on how to protect yourself against email attacks, please read our guide to email security.
Any suspicious emails or phishing attempts should be reported to the IT Service Centre by contacting security@ubc.ca. When reporting messages, please include the full email headers and any attachments.
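The "PDF in the file name" trick above is one instance of a wider pattern: the name a mail client shows is not the extension Windows acts on. The following PowerShell check is an added example for this page, not UBC's code or a product feature; it flags attachment names where a document-looking name hides an executable extension, and goes beyond the page's single case by also catching space padding and the right-to-left override character. The extension lists and the sample file names are assumptions constructed for the demonstration.

```powershell
# Added example (not UBC's code): flag attachment names that hide an executable
# behind a document-looking name, such as "Shipment.PDF.exe".
# The extension lists are an assumed baseline; extend them for your environment.

$ExecutableExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd',
                          '.vbs', '.js', '.jse', '.wsf', '.hta', '.cpl')
$DocumentExtensions   = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt',
                          '.pptx', '.txt', '.html', '.jpg', '.png')

function Test-DeceptiveAttachmentName {
    param([Parameter(Mandatory)][string]$FileName)

    # The last extension is what Windows runs; what comes before it is what the user sees.
    $final   = [System.IO.Path]::GetExtension($FileName).ToLowerInvariant()
    $stemRaw = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    $inner   = [System.IO.Path]::GetExtension($stemRaw.TrimEnd()).ToLowerInvariant()

    $reasons = @()
    if ($ExecutableExtensions -contains $final) {
        $reasons += "executable extension '$final'"
        if ($DocumentExtensions -contains $inner) {
            $reasons += "document extension '$inner' placed before it"
        }
        # Runs of spaces push the real extension out of the visible part of the name
        if ($stemRaw -match ' {5,}') { $reasons += 'padding spaces before the extension' }
    }
    # U+202E (right-to-left override) makes a mail client display the rest of the
    # name reversed, so the visible name can end in ".jpg" while the file is an .exe
    if ($FileName.IndexOf([char]0x202E) -ge 0) { $reasons += 'right-to-left override character' }

    [pscustomobject]@{
        FileName   = $FileName
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Constructed sample names (not real attachments)
$samples = @(
    'Invoice_2013_10.pdf',
    'FedEx_Shipment.PDF.exe',
    'statement.pdf                              .scr',
    'report.docx',
    'photo' + [char]0x202E + 'gpj.exe'
)
$samples | ForEach-Object { Test-DeceptiveAttachmentName -FileName $_ } | Format-Table -AutoSize
```

Of the five samples, only the first and fourth come back with Suspicious = False. The check is deliberately name-based so it can run on a mail relay or a help-desk triage script without opening the attachment; it complements, rather than replaces, the Sophos scanning on the relays.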
Hosted Storage
If you are an eligible UBC faculty or staff member, we encourage you to save all documents on the Home Drive or TeamShare services. These services are routinely backed up in a secure environment and, because they do not reside on your computer, are better protected against malware. All users are also encouraged to routinely back up incidental personal files onto a separate drive (such as an external hard drive or USB key) that is kept separate from your desktop and/or share drive. If your backup files contain Personal Information, we recommend also encrypting the data and storing it in a secure location. In many cases, backups are the only way to recover files encrypted by ransomware.
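A backup only helps against ransomware if the good copies survive the infection, and a plain mirror of your Documents folder does not: the next scheduled run overwrites the backup with the encrypted versions. The script below is an added example, not a UBC-provided tool; it keeps each run in its own dated folder and prunes the oldest, so an earlier clean copy is always available. The source and destination paths are placeholders.

```powershell
# Added example (not a UBC script): versioned copy of a folder to a removable drive.
# Paths are placeholders; adjust -Source and -BackupRoot for your own machine.

function New-VersionedBackup {
    param(
        [Parameter(Mandatory)][string]$Source,      # e.g. "$env:USERPROFILE\Documents"
        [Parameter(Mandatory)][string]$BackupRoot,  # e.g. 'E:\Backups\Documents' on an external drive
        [int]$Keep = 5                              # number of dated copies to retain
    )
    if (-not (Test-Path -LiteralPath $Source)) { throw "Source '$Source' not found" }
    if (-not (Test-Path -LiteralPath $BackupRoot)) {
        New-Item -ItemType Directory -Path $BackupRoot | Out-Null
    }

    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $target = Join-Path -Path $BackupRoot -ChildPath $stamp

    # /E copies subfolders. Deliberately NOT /MIR: a mirror would replace good copies
    # with encrypted ones after an infection. Each run lands in a new dated folder.
    # /XJ skips junctions; /R:1 /W:1 avoid long retry stalls on locked files.
    & robocopy.exe $Source $target /E /XJ /R:1 /W:1 /NP /NFL /NDL | Out-Null
    $rc = $LASTEXITCODE
    # robocopy exit codes below 8 are success (bits 1, 2 and 4 are informational)
    if ($rc -ge 8) { throw "robocopy failed with exit code $rc" }

    # Drop the oldest dated folders beyond the retention count
    Get-ChildItem -LiteralPath $BackupRoot -Directory |
        Where-Object Name -match '^\d{8}-\d{6}$' |
        Sort-Object Name -Descending |
        Select-Object -Skip $Keep |
        Remove-Item -Recurse -Force

    return $target
}

# Usage (paths are placeholders):
# New-VersionedBackup -Source "$env:USERPROFILE\Documents" -BackupRoot 'E:\Backups\Documents' -Keep 5
```

Unplug the external drive when the run finishes; a drive that stays mounted is a mapped volume from the malware's point of view and will be encrypted along with everything else. If the backup holds Personal Information, enable BitLocker on the removable drive before the first run.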
Security Patches
The latest security patches should be applied to close the vulnerabilities that cybercriminals exploit. This includes security patches for operating systems; applications such as Java; Adobe products such as Flash and Adobe Reader; browsers such as Internet Explorer and Chrome; and any custom applications.
For more information
Technical Information
As previously communicated, a form of malware known as ransomware has been infecting computers, encrypting user files and demanding a ransom payment before decryption can occur. Large organizations such as UBC are susceptible to such attacks, and network administrators should be aware and proactive about protecting workstations.
Please evaluate your environment and follow best practices to ensure that users are informed and computers are secured.
Malware Protection and Endpoint Detection and Response (EDR)
Malware protection software is an important tool to help prevent cyberattacks. Not every type of cyberattack can be prevented with malware protection software, but it can be a great asset when trying to prevent intrusion into a computer.
Group Policy Updates
Similar to solutions such as CryptoDefense, departments utilizing Active Directory can enable group policy objects to restrict ransomware such as CryptoLocker from installing and modifying the registry. Enabling a GPO can be more efficient than individually installing CryptoPrevent on workstations due to its remote editing capabilities. It is important for directory administrators to evaluate all policy objects and their effects on existing and future computer usage. By placing restrictions on the registry, software such as Google Chrome and Microsoft Office may not be able to automatically download updates without administrator intervention. For information on how to apply a GPO in your Active Directory instance, please read Third Tier's guide regarding installation and exception handling.
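Before rolling such a GPO out, and again after adding exceptions for updaters, it helps to see exactly which rules a workstation ended up with. The PowerShell below is an added example, not UBC's script or part of Third Tier's kit; it assumes the GPO is built from Software Restriction Policy path rules (the approach Third Tier's guide takes) and reads the effective rules from the registry location where SRP stores them. The list of locations it compares against is an assumed baseline, not taken from this page.

```powershell
# Added example (not UBC's script): list the Software Restriction Policy rules in
# force on this workstation so an administrator can confirm the GPO applied and
# review what it blocks before it interferes with updaters such as Chrome or Office.
# Assumes the GPO is built from SRP path rules (the approach in Third Tier's kit).

$SaferKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    if (-not (Test-Path -Path $SaferKey)) {
        Write-Warning 'No Software Restriction Policy is present on this machine.'
        return
    }
    $default = (Get-ItemProperty -Path $SaferKey -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    if ($null -eq $default) {
        Write-Warning 'DefaultLevel not set (everything runs unless a rule says otherwise).'
    } else {
        Write-Host ("Default security level: {0}" -f $LevelNames[[int]$default])
    }

    foreach ($level in $LevelNames.Keys) {
        $pathsKey = Join-Path -Path $SaferKey -ChildPath "$level\Paths"
        if (-not (Test-Path -Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            # Read ItemData raw so %AppData% stays unexpanded and can be compared with the baseline
            [pscustomobject]@{
                Level       = $LevelNames[$level]
                Path        = $rule.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
                Description = $rule.GetValue('Description')
                RuleId      = $rule.PSChildName
            }
        }
    }
}

# Locations a dropper running as the user can write to; an assumed baseline, not from this page.
$Baseline = @('%AppData%\*.exe', '%AppData%\*\*.exe',
              '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe', '%Temp%\*.exe')

$rules = @(Get-SrpPathRule)
$rules | Format-Table -AutoSize

$blocked = @($rules | Where-Object Level -eq 'Disallowed' | ForEach-Object { "$($_.Path)".ToLowerInvariant() })
$missing = @($Baseline | Where-Object { $blocked -notcontains $_.ToLowerInvariant() })
if ($missing.Count -gt 0) { Write-Warning ('No Disallowed rule for: ' + ($missing -join ', ')) }

# Unrestricted rules are the exceptions (updater paths and the like) that Third Tier's
# guide describes; keep them as narrow as possible and re-check them after policy changes.
```

Run it from an elevated prompt on a test workstation after `gpupdate /force`. A missing baseline entry means the GPO did not apply or was filtered; an unexpectedly broad Unrestricted rule is the usual reason a policy that looked fine in the editor ends up blocking nothing.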
Administrative Privileges
In order for the CryptoLocker software to function properly, users must have administrative rights on their workstation. By limiting the privileges of user accounts, the risk of malware infection is significantly reduced. For users who require administrative privileges, we recommend creating separate user accounts with elevated access levels. These administrative accounts should be used only when necessary, limiting the risk that comes with broad access rights.
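The quickest way to verify the recommendation above on a given machine is to ask two questions: is the account doing daily work elevated, and who else sits in the local Administrators group? The script below is an added example, not UBC's tooling; the list of approved administrator accounts in it is a placeholder you replace with your department's own.

```powershell
# Added example (not UBC's script): report whether the current session holds
# administrative rights and list the members of the local Administrators group.

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdministrators {
    # Get-LocalGroupMember ships with Windows PowerShell 5.1 (Windows 10 and later);
    # on older workstations fall back to the WinNT ADSI provider.
    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        Get-LocalGroupMember -Group 'Administrators' |
            Select-Object Name, ObjectClass, PrincipalSource
    } else {
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
        $group.psbase.Invoke('Members') | ForEach-Object {
            [pscustomobject]@{
                Name            = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
                ObjectClass     = $_.GetType().InvokeMember('Class', 'GetProperty', $null, $_, $null)
                PrincipalSource = 'n/a'
            }
        }
    }
}

# Accounts that are allowed to be administrators here; placeholders, not UBC's names.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Workstation-Admins')

$isAdmin = Test-IsAdministrator
"Current user {0} running with administrative rights: {1}" -f $env:USERNAME, $isAdmin
if ($isAdmin) {
    Write-Warning 'Daily work should run from a standard account; use the separate admin account only when needed.'
}

$admins = @(Get-LocalAdministrators)
$admins | Format-Table -AutoSize
$unexpected = @($admins | Where-Object { $ApprovedAdmins -notcontains $_.Name })
if ($unexpected.Count -gt 0) {
    Write-Warning ('Unexpected members of Administrators: ' + (($unexpected | ForEach-Object Name) -join ', '))
}
```

On a domain-joined machine the ADSI fallback shows domain groups by name only, without resolving their members; for those, check group membership in Active Directory rather than on the workstation. The warning for an elevated session is the one to act on first: if the everyday account is an administrator, the separate-account recommendation above is not in effect.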
Procedure for infected workstations
If a workstation has been infected with ransomware, immediately disconnect the unit from all network connections, both wired and wireless. Users should immediately report their workstation as compromised to UBC IT Information Security by calling 604.822.6141 or emailing security@ubc.ca. An IT security specialist will assist with cleanup of drives, investigation, and potential recovery of files.
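Pulling the cable and switching off Wi-Fi is the right first move, but the responder who arrives afterwards will want to know what the machine was doing at that moment. The PowerShell below is an added example of that procedure, not UBC's incident script; it writes a short snapshot (logged-on user, active adapters, established connections, running processes) to a local file and then disables every adapter at once, wired and wireless. It assumes an elevated prompt and Windows 8 / Server 2012 or later for the NetAdapter cmdlets; the report path is a placeholder.

```powershell
# Added example (not UBC's procedure): isolate a workstation suspected of ransomware
# infection and record basic facts for the responder. Run from an elevated prompt.
# Requires the NetAdapter module (Windows 8 / Server 2012 and later); $ReportPath is a placeholder.

param(
    [string]$ReportPath = "$env:SystemDrive\isolation-$($env:COMPUTERNAME)-$(Get-Date -Format yyyyMMdd-HHmmss).txt"
)

# 1. Capture state before cutting the network, while connections are still visible.
$report = [ordered]@{
    Host        = $env:COMPUTERNAME
    User        = "$env:USERDOMAIN\$env:USERNAME"
    Time        = (Get-Date).ToString('o')
    Adapters    = (Get-NetAdapter | Where-Object Status -eq 'Up' |
                   Select-Object Name, InterfaceDescription, MacAddress | Out-String)
    Connections = (Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
                   Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess | Out-String)
    Processes   = (Get-Process | Select-Object Id, ProcessName, Path | Out-String)
}
$report.GetEnumerator() |
    ForEach-Object { "== $($_.Key) ==`r`n$($_.Value)" } |
    Set-Content -Path $ReportPath

# 2. Disable every adapter so the malware can no longer reach mapped drives or other
#    machines. The workstation stays powered on so the specialist can examine the
#    running state; follow their instructions on whether to shut it down later.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

Write-Host "Workstation isolated. Report saved to $ReportPath."
Write-Host "Call 604.822.6141 or email security@ubc.ca from another device."
```

Keep the report file where it is; the specialist will collect it with the drive. Re-enabling the adapters (`Enable-NetAdapter`) is the responder's call, not the user's, since the files encrypted so far are the only copies of what the malware has already touched.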