MU Information Security Elevated Risk Advisory…
Don’t get LOCKED out of your computer by RansomWare!
Ransomware is a type of malicious software that infects computer systems, restricting users’ access to the those systems. According to a recent security bulletin released by the US Computer Emergency Response Team (US-CERT) “Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.”
Impact
Ransomware targets both institutional and home users and systems which become infected can lead to negative consequences, including:
Temporary or permanent loss of sensitive or proprietary information,
Disruption to regular operations,
Financial losses incurred to restore systems and files, and
Potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed. Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
Solution
US-CERT and Marshall Information Technology team recommends system users and administrators take the following preventive measures to protect their computers from ransomware infection:
Backup Your Data – Perform and test regular data backups to limit the impact of data or system loss and to expedite recovery in the event of infection. NOTE: Ideally this data should be kept on a separate off-line device because an infected system can attempt to encrypt ALL attached storage (including network shares) to which the individual has write permissions.
Update Your System Early and Often – Ensure that your computer has the latest operating system and application updates. Systems running vulnerable software are targets of most attacks.
Maintain Up-to-Date Anti-Virus Software – Running current versions of anti-virus/anti-malware software with the latest virus definitions and scanning all Internet software downloads prior to their use.
Avoid Enabling Macros on E-mail Attachments – Currently Microsoft Office products will disable executable macros in files. Do not enable macros on unsolicited files from untrusted sources.
ALWAYS be wary of unexpected e-mail messages (regardless of the apparent source) which include file attachments, web URL’s, or are written with a sense of urgency for you to provide computer passwords or reveal personal financial information.
If you receive one of these messages…
Please protect yourself and your campus colleagues by following the principle of STOP-THINK-CONNECT:
STOP. Do not act too quickly to open the attachment or follow an unsolicited URL. The criminal is counting on you responding quickly to the urgent nature of the message.
THINK. Why did this person send me this file? Should I verify the sender before opening? Am I 100% confident that my system and data are protected should this attachment end up being malicious? If not, then perhaps you should simply delete the e-mail message.
CONNECT. Get a second opinion from a co-worker and report the message to your department IT Service Provider or a member of the Marshall Information Technology team.
If you receive a suspicious looking e-mail message….
We ask that you take the following actions:
Please delete the message from your inbox if it is obviously fraudulent.
As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however
If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at 304-696-3200 / itservicedesk@marshall.edu.
Protecting Yourself From E-mail Fraud (aka Phishing)
https://www.marshall.edu/it/departments/information-security/phishing-scams/
InfoSec Tip #7: Don’t Be Tricked
https://www.marshall.edu/it/training/infosec-tips-7/
Thank you for your continued awareness,
Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: 304-696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec