RIT Information Security Advisory - New Ransomware Attack Vectors

Ransomware is malicious software that encrypts a victim's hard drive and then demands that a ransom be paid in order to decrypt the contents. The frequency of ransomware attacks across higher education continues to increase. The attackers may not come in a way you expect! We're seeing new attack vectors and want you to be aware of them. You may already be careful about opening attachments in email from your computer. Are you as careful when opening attachments or clicking on links on your smartphone or tablet?

Smartphones and other Mobile Devices - 2016 has seen many attacks targeted at Android and iOS (iPhone, iPad, iCloud) users. In one attack, hackers used compromised iCloud account passwords to lock the user's device.

Social Networking - Recently, Locky ransomware has begun leveraging social networks such as Facebook and LinkedIn to spread attacks, using malicious files attached to image thumbnails. Instead of opening the image, your browser downloads a file. The malware is in the downloaded file.

Email from Compromised Accounts at RIT - Although RIT spam filters catch more than 99% of malicious messages from outside RIT, we also see messages sent from compromised RIT accounts. Be vigilant and don't click on a link or image just because it appears that you received it from a colleague.

Phishing and Spear Phishing - One of the most successful attack vectors worldwide is spear phishing with malicious links, sent from internal and external accounts. (Spear phishing targets specific individuals or groups.)

Malicious Attachments and Links - Antivirus will NOT detect all malicious attachments. Using an account without admin privileges will provide better protection against infection. Malicious attachment names will vary, but we've seen invoice.doc, resume.rtf, sixt_receipt, Capital One 360, etc. We've also seen reports of ransomware leveraging Microsoft Word macros.

What you should do

  • Ensure that you're backing up your information before you're attacked. Contact your Service Desk if you need more information.
  • Use a strong password and don't share it
  • If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague's account may be compromised. The malicious email may come from them.
  • Please submit suspected phishing/spam to ITS by creating a new mail note to spam@rit.edu and attaching the suspicious email. Then delete the suspicious email and/or attachment.
  • If you administer your computer, ensure that anti-virus/anti-malware is up to date and functioning.
  • If you have clicked on a suspicious link or opened a suspicious attachment, change your password and contact your Service Desk immediately.

For more information

If you have any questions, please contact us or your service desk.