The BBC and other news outlets are reporting a rapid increase in the number of ransomware attacks worldwide. According to the article, computers have been locked up in thousands of locations worldwide. The increase in attacks may be linked to a group known as The Shadow Brokers, which is the group that claims to have released NSA hacking tools. Although it's unclear at this time, researchers believe the attack is spreading through a worm. Worms prey on vulnerabilities in unpatched computers.
Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid in order to decrypt the contents. Ransomware may spread through infected attachments, malicious links, worms, and other vectors.
What you should do
- Ensure that you’re backing up your information before you’re attacked. Contact your Service Desk if you need more information.
- Ensure that your computer is up to date with patches. Unpatched Microsoft systems are vulnerable to the Wannacry ransomware variant.
- Use a strong password and don’t share it.
- If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.
- Please submit suspected phishing/spam to ITS by creating a new mail note to email@example.com and attaching the suspicious email. Then delete the suspicious email and/or attachment.
- If you administer your computer ensure that anti-virus/anti-malware is up to date and functioning.
- If you have clicked on a suspicious link or opened a suspicious attachment, change your password and contact your Service Desk immediately.
For more information
- Ransomware infections reported worldwide, http://www.bbc.com/news/technology-39901382
- Massive ransomware attack hits UK hospitals, Spanish banks, https://arstechnica.com/information-technology/2017/05/nhs-ransomware-cy...
- RIT Information Security Ransomware Page, https://www.rit.edu/security/content/ransomware-0
If you have any questions, please contact us or your service desk.
Quick Infosec Tip: How well can you recognize phishing? Take the SonicWall Phishing IQ test and see how you do <https://www.sonicwall.com/phishing/>
Reminder: The RIT Information Security Policies and Standards are designated to help keep RIT and the RIT community safe from cybersecurity threats.