Universiteit Leiden


ICT, Security

Cybersecurity Awareness Month: First aid for a ransomware attack

19 October 2023

A ransomware attack is one of the most common security incidents in education and research. These kinds of attacks can often be traced back to human behaviour: one wrong click can have major consequences. But what exactly is ransomware? And even more important: what should you do if you think you have become involved in an incident?

This week, cybercriminal Granny Smith will show you how a ransomware attack is carried out. Scroll down to see the video: would you open the infected attachment?

What happens in a ransomware attack?

Ransomware is malicious software used by hackers to lock and encrypt files. As a user, you can then only regain access to your files in exchange for a ransom.

Just think how many files there are on your work computer: sizeable reports, your financial administration, research results, and much more. All of these are extremely important for the continuity of teaching, research and support activities at the university. This makes such files an attractive target for cybercriminals. 

Hackers can use malware to remotely lock and completely encrypt your files. This often happens via a file that you have inadvertently stored on your computer, for example if you opened an infected attachment in a phishing mail. Opening an infected file can activate the malware. All your files will then be locked and you will no longer be able to access them. Always be wary if you are explicitly asked to disable protected view when opening the attachment! This can be a ploy to activate the malware hidden in the attached file. 

What if you have accidentally activated the malware? Often, a ransom message will appear on your screen: a message from the hackers telling you how much you will have to pay to recover your files. At that point you have two options: you either pay the ransom or you resort to your latest back-up.

Help, a ransomware attack! What now?

If you suspect that you may be a victim of a ransomware attack, you should take the following steps:

  • Notify the ISSC helpdesk straight away. Due to urgency, it is best to phone via 071-5278888. Are you unable to call? Then send an email to helpdesk@issc.leidenuniv.nl.
  • Disconnect from the internet: unplug the network cable and switch off Wi-Fi on your device. This will prevent the malware from spreading further.
  • Keep your device switched on. An expert may still be able to limit the damage from the ransomware attack if it is still in progress.
  • General tip: make regular back-ups of your files, especially your most important ones!

Video: Cybercriminal Granny Smith carries out a ransomware attack


If you want to know more about what precedes a ransomware attack, you can read this article about how you can safely share online information and check out these 7 handy tips to prevent phishing.

October is Cybersecurity Awareness Month

The number of cyber incidents in research and education, and in other sectors too, is on the rise. Many of these incidents are related to staff actions. As a university, we therefore think it important to spend the month of October raising cybersecurity and privacy awareness.
