Cryptoware on campus

By: Jeffrey Gardiner

September 14, 2016

Some of you may have heard about the Cyber Security incident that happened recently at the University of Calgary. You can read about it at http://www.cbc.ca/news/canada/calgary/university-calgary-ransomware-cyberattack-1.3620979

Today, Western detected an instance of ransomware in one of our organizational units.

Ransomware is computer malware that installs covertly on a victim's computer and executes a cryptovirology attack that encrypts the victim's files, making them inaccessible, and demands a ransom payment to restore the files and the system. Simple ransomware may lock the system and display a message requesting payment to unlock it.

Western’s detection was nearly immediate. We isolated the infected machine and disconnected it from the network. A Technical Support analyst wrote the following email to all staff in the unit:

Subject: Reminder about malware - be wary!

Just a reminder to everyone to always be careful about opening any email containing attachments or links, and to triple-check everything before clicking on any attachments or links within the email.

- Who is the email from? Are you expecting an email from the sender? Unsolicited emails are almost always fake.
- What is in the email? Is there a link for you to click on? If you hover the mouse over the link, does the same URL show up?
- Is there a document attached to the email? What type of document is it? Zipped files are prime targets for viruses and should be very carefully examined.

Even if the sender appears to be from UWO, the sender’s email could be forged. Remember that Western will never ask you to confirm your login credentials, and neither will any reputable organization.

With the start of the new school term, the volume of email phishing attempts has gone up. Also, users need to be especially careful about opening attachments.

The safest approach is to simply delete the email. If you have received something that you believe *may* be legitimate but are not sure, please seek advice from ITS Helpdesk.

Unfortunately today we have had an instance where all of a user’s documents have been encrypted by a “ransomware” virus. This particular type of virus will encrypt all of the documents on your computer and there is no way to recover them unless you pay a ransom to the criminals. Keep your important documents on the network!

Please share this alert with the community you support and/or fellow staff.

Any questions about cryptoware can be directed to your Faculty or Department IT staff or to the ITS Helpdesk.

