Share:

Ransomware and you: Tips for avoiding NetWalker and others

by Elizabeth Jenike, IT Services

There’s no rest for the wicked, and that apparently goes double for malicious attackers during a pandemic.

The week of May 27, 2020, Michigan State University (MSU) was hit with NetWalker ransomware. According to EdScoop contributor Benjamin Freed, a hacker claimed to have stolen data, which included personally identifiable information (PII) of MSU students, and threatened to release the data to the public if their demands for ransom were not met. The hacker’s post on a blog associated with NetWalker contained a countdown clock which would, presumably, release the PII upon reaching 0.

Ransomware is nothing new, but NetWalker, also known as Mailto, offers what we’ll call a new “flavor” of malware. It first emerged in 2019 and is designed to target enterprise networks instead of individual users—and university networks qualify under the “enterprise” moniker.

NetWalker is a new flavor of ransomware simply because it breaks the mold in terms of how ransomware usually works. Under normal circumstances, ransomware will lock up a person’s computer or files and won’t unlock them until a sum of money has been sent to the hacker. This instance is different, however, because the hacker was able to explicitly steal the information and (presumably) the files will be automatically released by the program if the ransom isn’t paid.

MSU engaged the authorities immediately.

Hakuna Matata… for the most part

Faculty, staff, and students can breathe easy: Miami has not experienced any Netwalker incidents.

However, it never hurts to be prepared. As we continue our work-from-home and learn-from-home lives, it’s even more important now that we remain vigilant and maintain a high level of security know-how. Protecting Miami’s data and resources is in our hands when it comes to our personal devices—so let’s make sure we’re doing our part.

Prevention is key

There are a few tried-and-true methods that can go a long way toward keeping hackers out of your—and Miami’s—personal information. Here is a short list:

  • Back up your data: In the event you need to wipe your machine to get rid of a bad file, you don’t want to lose the pictures of your kids, vacations, or—most importantly, according to this writer—cats. Back up files regularly to solve that potential problem before it happens.
  • Install security patches as they are available: Operating systems like Microsoft are always coming out with new patches, and it might seem annoying to have to update your machine all the time. However, some of these patches are released to fix bugs that could present vulnerabilities to malicious actors. (This goes the same for keeping your operating system up to date, as well.)
  • Avoid phishing and scam emails: Send suspicious messages to InfoSec@MiamiOH.edu. Our security team will investigate and can block unsafe links from the Miami network.
  • Use VPN when accessing Miami resources: This is especially important as we continue our work-from-home activities. Using VPN makes it so that you use Miami resources via our connection. That means an extra boost to security.

Disconnect, disconnect, call!

Here are some quick actions you can take if you believe yourself to be the victim of a ransomware or other malware attack: 

Disconnect your device from the network

Whether this means unplugging your hardwired machine from your cable modem, turning off the Wi-Fi router, or setting your phone to Airplane mode, it’s critical to get the device offline.

Disconnect external storage

If you have devices connected such as external hard drives, USB drives, cameras, or other storage tools, disconnect them. This way, the malware can’t jump from those devices to another machine down the line.

Do not turn off your computer

Instead, call IT Help immediately at 513-529-7900. Someone will assist you with the malware removal or appropriate next steps.


A picture of a laptop displaying lines of code

Remember: Call or click

Again, don’t forget to email InfoSec@MiamiOH.edu with any suspicious messages or call IT Help 513-529-7900 immediately if you believe you have been the victim of a security compromise. Stay vigilant, RedHawk friends!