Category Archives: malware

Avoiding Ransomware Attacks

Ransomware is a type of malware designed to encrypt your files or lock your operating system so attackers can demand a ransom payment. According to a 2017 Symantec report, the average ransom demand has increased 266% from 2015 to 2017 and is valued at $1,077 per event. The report continues by stating that “While consumers in particular (69 percent of all infections) are at risk from ransomware, this year saw evidence that ransomware attackers may be branching out and developing even more sophisticated attacks, such as targeted ransomware attacks on businesses [and Institutions of Higher Education] that involved initial compromise and network traversal leading to the encryption of multiple machines. Ransomware looks set to continue to be a major source of concern globally in 2017.” (https://www.symantec.com/security-center/threat-report)

Typically starting as a phishing attack, ransomware executes when a user is lured to click on an infected link or e-mail attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include

  • an embedded malicious link in an e-mail offers a cheap airfare ticket (see figure 1);
  • an e-mail that appears to be from Google or Facebook inviting recipients to click on an image to update their web browser or access a file that supposedly has been shared with them (see figure 2); or
  • a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

Figure 1. Phishing e-mail with ransomware embedded in a link

Figure 2. A fake Google File Share Message

To avoid becoming a victim of ransomware, users can follow these tips:

  • Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.  Before you delete the message, send a copy of the suspicious email as an attachment to abuse@sulross.edu so we can analyze the full message.

Figure 3. An example ransomware e-mail message

  • Avoid clicking on unverified e-mail links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan). These links and files represent the easiest and fastest way for the bad guys to get to your system. Always be aware of what you are clicking on.
  • Use e-mail filtering options whenever possible. E-mail or spam filtering can stop a malicious message from reaching your inbox. OIT provides email and spam filtering as a part of our email system. Currently, we block approximately 60% of all email messages being delivered to the institution. Some still get through because they look like legitimate email messages to our filters. For your personal email account, see if your service provider provides email and spam filtering options.
  • Install and maintain up-to-date antivirus software. Your SRSU supplied computer uses ESET anti-virus to keep your system safe.  Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
  • Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often — or, if possible, set up automatic updates — to minimize the likelihood of someone holding your computer or files for ransom.  Your SRSU supplied machine is set to allow automatic updates.  Always allow the system to perform this function as it helps keep your computer one or two steps ahead of the bad guys.
  • Back up your files and use OneDrive and Sharepoint. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files.  OIT recommends you store all your files on OneDrive or Sharepoint.

 

 

If you believe you have an email in your Inbox that is a phishing or social engineering attempt, send that message to abuse@sulross.edu as an attachment so it can be analyzed by OIT.

If you click on a link and believe it is malware, ransomware, or another attempt to steal your identity or data, change your password immediately using Lobopass and contact LTAC for further assistance.

Follow us on Twitter @SRSUOIT

Like us on Facebook SRSUOIT

SRSU OIT Advisory: Petya Cyber Attack

Through news agencies and social media, many of you are aware of the current cyber attack, Petya, which started in Europe and continues to spread across the globe, including the U.S. This attack is similar to the devastating attack on organizations around the globe in May 2017. OIT is keeping an eye on developments in this latest attack and will keep you informed if and when the situation changes.

In the meantime, here are four things you can do immediately to lower the chance you will be impacted by this latest global threat.

1. Ensure all updates are applied on your computer. This includes operating systems (Windows, macOS, others) and applications (MS Office is the most common). Your SRSU computer is updated automatically each time Microsoft releases an update, but you may want to check that on occasion.

2. Don’t click on email messages and attachments that you are not expecting or that seem unusual. If you receive something that doesn’t look right, assume it is not. Contact the person who supposedly sent it and verify that the message or attachment(s) are valid. A 60-second phone call may save many months or years of work.

3.  Ensure your data is backed up to a location that is not accessible by a virus or ransomware attack. While not the first item on this list, this may be one of the most important and the one for which all the responsibility falls to you.  If you are not sure your hard drive is being backed up, assume that it is not.  SRSU OIT does not provide backups for your SRSU supplied desktop computer.  For some of you, backups are to an external hard drive. While a worthy solution, even external hard drives fail from time to time or can be corrupted if left plugged into an infected machine.  OIT recommends the use of Office 365 to store all your documents.

4.  Never download software not authorized by OIT. The beginnings of this latest threat come from tax accounting software. Once it gets inside an organization, it can spread from machine to machine if those machines are vulnerable to the threat.

OIT continues to monitor any situation that heightens the risk of your computer and data files being compromised. We will take appropriate actions as we see fit.


Here are links if you are interested in learning more about this cyber attack:

Read Greg Freidline’s blog post here. https://blogs.sulross.edu/gfreidline/2017/06/28/block-petya-virus-on-a-computer/ WARNING: Lots of geek-speak here! 

Here is an excerpt from NPR talking about the Petya virus: http://www.npr.org/sections/thetwo-way/2017/06/28/534679950/petya-ransomware-hits-at-least-65-countries-microsoft-traces-it-to-tax-software.