RIT Information Security Advisory—Ransomware on Campus
Last month, an RIT computer in one of the colleges was compromised by ransomware, leading to attempted encryption of files both on the computer and on network shares to which the computer was connected. Thanks to the diligence of support staff, the attack was detected and halted. Because the data was backed up, no information was lost in the attack.
The vector for this particular attack appears to be a malicious attachment received by email. The attachment was disguised as a mailing label.
Here's a copy of the email. Note that the sender's email address isn’t a FedEx address, the purported label is a zip file, and the email doesn’t reference a specific tracking number.
From: FedEx International Next Flight <Frederick.mayer@compromisedaccount>
To: RIT Student Name (Student Employee)
Subject: We could not deliver your parcel, #00212400
Date: Monday, December 5, 2016 6:34:49 AM
We could not deliver your item.
Please, open email attachment to print shipment label.
Thank you for choosing FedEx,
FedEx Delivery Manager.
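The three warning signs noted for the email above can be checked automatically when triaging reported mail. The following Python sketch is an added example, not part of the original advisory; the expected sender domain, the archive extension list, the tracking-number pattern, and the sample message (including its placeholder address and attachment name) are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example, not taken from the advisory:
BRAND_DOMAINS = {"fedex": "fedex.com"}      # brand keyword -> expected sender domain
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
TRACKING_RE = re.compile(r"\b\d{12,22}\b")  # assumed shape of a tracking number

def triage(raw: str) -> list:
    """Return which of the advisory's three warning signs a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Display name claims a brand, but the address is on another domain.
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            findings.append("sender-mismatch")
    # 2. The "label" is an archive, judged by file name or by ZIP magic bytes.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if fname.endswith(ARCHIVE_EXTS) or data.startswith(b"PK\x03\x04"):
            findings.append("archive-attachment")
            break
    # 3. Neither subject nor body carries a plausible tracking number.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if not TRACKING_RE.search(text):
        findings.append("no-tracking-number")
    return findings

def build_sample(sender: str, subject: str, body: str, zip_name: str = "") -> str:
    """Build a constructed test message; zip_name adds a stub ZIP attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "student@university.example", subject
    m.set_content(body)
    if zip_name:
        m.add_attachment(b"PK\x03\x04" + bytes(26), maintype="application",
                         subtype="zip", filename=zip_name)
    return m.as_string()

# Constructed sample modelled on the email quoted above (address is a placeholder).
SUSPECT = build_sample(
    "FedEx International Next Flight <frederick.mayer@compromised.example>",
    "We could not deliver your parcel, #00212400",
    "We could not deliver your item.\nPlease, open email attachment to print shipment label.\n",
    zip_name="label.zip")

if __name__ == "__main__":
    print(triage(SUSPECT))
```

A message that trips all three checks is a strong candidate for quarantine; any single finding on its own is only a prompt for closer review.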
What do I do if I think I’m infected?
- Report the ransomware attack to your service desk immediately.
- Isolate or shut down the infected computer. (If you’re on Wi-Fi, turn off the Wi-Fi. If you’re plugged into the network, unplug the computer. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.)
For more information
- The Rise of Ransomware and How to Deal with It <http://www.rit.edu/security/content/rise-ransomware-and-how-deal-it>
If you have questions, please contact us or your service desk.