A virus of the “Ransomewhere” family is a virus that encrypts all data files on your computer, network drives and external disks connected to the computer. To get the files back, the victim is required, within a specified time period, usually of 48-72 hours, to pay, using electronic means, a ransom of several hundred dollars to parties hiding behind false identities that cannot be detected. Encryption is often very sophisticated and does not allow for a reasonable dealing with it, except for restoring the computer from backup.
Any attempt to remove the virus may cause immediate loss of files and inability to get them back even after making the payment.
Recently, we have encountered several events of infection in the Technion, including faculty staff personal computers. Some events resulted in a complete loss of files along with loss of important and sensitive information. In light of these recent events, the Division of Computing and Information Systems recommends using a reliable backup system. Files backed up on the Technion central systems will not be harmed even if the ransom is not paid.