Information Services Division


FileStore@UCL ransomware protection

Information about ransomware and how Filestore@UCL is protected

What is Ransomware?

Ransomware is malware (malicious software) that encrypts files without your consent, blocking access to them until money is paid to release them.

How is Filestore@UCL protected?

We use a malware detection product to protect your files on Filestore@UCL (this includes your N drive and shared S drives).
Malware protection monitors for suspicious activity (such as many files being locked at the same time) to ensure files do not get encrypted or “locked” without your consent.


Some file types/extensions are common in ransomware attacks and can look like legitimate files used in everyday activity. This is where “whitelisting” (or pre-approval of file extensions) is needed.
To avoid accidentally blocking access to files you need, we will help to whitelist them before malware protection is enabled. Whitelisting is also an ongoing activity, as ransomware (and the file types/extensions used to lock files without your consent) changes regularly.
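
The two checks described in this section, sketched as an added example (this is not UCL's or the detection product's actual logic): events on a whitelisted extension are let through, other suspect extensions are blocked, and a burst of renames by one user is flagged. The extension lists, threshold, time window and event format are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# All values below are constructed for illustration.
SUSPECT_EXTENSIONS = {".encrypted", ".locked", ".crypt"}
WHITELIST = frozenset({".locked"})  # pre-approved: a legitimate app is assumed to use it
BURST_THRESHOLD = 4                 # renames by one user ...
BURST_WINDOW = 10                   # ... within this many seconds


def evaluate(events, whitelist=WHITELIST):
    """Return (ts, user, path, reason) for every event that would be blocked."""
    recent = defaultdict(deque)     # user -> timestamps of that user's recent renames
    blocked = []
    for ts, user, action, path in events:
        ext = PureWindowsPath(path).suffix.lower()
        if ext in whitelist:
            continue                # pre-approved extension: never blocked
        if ext in SUSPECT_EXTENSIONS:
            blocked.append((ts, user, path, "suspect extension"))
            continue
        if action == "rename":
            window = recent[user]
            window.append(ts)
            # Drop renames that fell out of the sliding window.
            while window and ts - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) >= BURST_THRESHOLD:
                blocked.append((ts, user, path, "rename burst"))
    return blocked


# Constructed sample events: (seconds, user, action, path)
SAMPLE_EVENTS = [
    (0, "alice", "create", r"N:\thesis\draft.docx"),
    (2, "alice", "create", r"N:\app\session.locked"),  # whitelisted extension
    (5, "bob", "rename", r"S:\lab\data1.encrypted"),   # suspect extension
    (20, "carol", "rename", r"S:\proj\a.xyz1"),
    (21, "carol", "rename", r"S:\proj\b.xyz1"),
    (22, "carol", "rename", r"S:\proj\c.xyz1"),
    (23, "carol", "rename", r"S:\proj\d.xyz1"),        # 4th rename within 10 s
    (60, "carol", "rename", r"S:\proj\e.xyz1"),        # outside the window
]

if __name__ == "__main__":
    for decision in evaluate(SAMPLE_EVENTS):
        print(decision)
```

Calling `evaluate(SAMPLE_EVENTS, whitelist=frozenset())` shows the false alarm that whitelisting prevents: the legitimate `.locked` file is blocked as well.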

File access denied alert

If you try to create or access a file which is identified as potentially being locked by ransomware, you will receive a desktop alert (Fig. 1) and an email from isg@ucl.ac.uk letting you know ISD is aware of the issue.
This will be rare (and may be a false alarm) but is done to ensure the safety of your data.

Fig. 1: A screenshot of a file access denied message

A ticket will be logged with IT Services and the incident investigated by the ISD Cloud Platforms Team.
If you use an application that creates or accesses a file which is identified as being locked by ransomware, you may not see a desktop alert. The ISD Cloud Platforms Team will still get a ticket to investigate the blocked file and will find the owner to assist.

Help and support

For further help and assistance please contact the IT Services helpdesk.