Ransomware Threat

Good morning all,

Happy New Year to everyone! I hope that you all had an enjoyable and relaxing break.

One of our higher education brethren in California did not enjoy a nice break; Los Angeles Valley College was just hit with ransomware on its central servers, which encrypted all email and shared files. This brought all operations to a standstill and unfortunately, because of a lack of security controls, the college forked out $28,000 in bitcoin in order to get back in business:

Ransomware is a serious threat — thankfully there are a few easy ways you can protect yourself from downtime and financial (and reputation) loss:

  1. Ensure you have backups of critical data on removable or offline media
    Any departmental shared drives you use should be backed up on a regular basis to media that malware cannot access. This can be tape, a USB drive, or a hard drive that nobody has access to remotely. Your backups do no good if the malware can just encrypt and hold those files hostage too. And test your restore procedures every few months to make sure your backups can actually save you!
  2. Use Application Whitelisting
    C&IT DeskTech began using application whitelisting after the “invoice.zip” outbreak with outstanding success. By only permitting software signed by known vendors (or manual exceptions by file hash), the initial malware that could encrypt all your files CAN NOT RUN. It’s hard to get infected when the OS refuses to run unknown software!
  3. Limit Administrator Privileges
    This should be old hat by now, but it’s still important, especially for the people on this list — limit any administrative privileges to your accounts. This includes removing accounts from a computer’s local “Administrators” group, as well as using DIFFERENT accounts when YOU need to perform administrator actions. Best practice is for you to use one account for your day-to-day office work and to do a special “Run As” execution when running any administrative programs. This way, any damage caused by malware should be limited to just one computer or user profile instead of an entire network or domain.
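The whitelisting approach in item 2, as an added example that is not C&IT’s own configuration: an AppLocker policy that permits software signed by the vendors already installed, falls back to a file-hash rule for an unsigned in-house tool, and is checked in audit mode before enforcement. The in-house tool path and the sample download path are assumed placeholders.

```powershell
# Added example, not the newsletter's own procedure. Builds an AppLocker
# whitelist of the shape item 2 describes: allow software signed by the
# vendors already installed, fall back to a file-hash rule for anything
# unsigned, and deny everything else. Run in an elevated PowerShell on a
# Windows edition that ships the AppLocker module. Paths marked "assumed"
# are placeholders for this example.
Import-Module AppLocker

$PolicyXml = Join-Path $env:TEMP 'Whitelist-AuditOnly.xml'

# 1. Inventory what is legitimately installed.
$Known = @(Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe, Script, WindowsInstaller)
# Unsigned in-house tool that needs a manual exception (assumed path).
$Known += @(Get-AppLockerFileInformation -Path 'C:\Tools\InventoryReport.exe')

# 2. Generate rules. -RuleType is an ordered preference: a Publisher rule
#    for signed files, a Hash rule only where no signature exists.
#    -Optimize collapses the many files from one vendor into one rule.
$Xml = $Known | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
    -RuleNamePrefix 'Whitelist' -Optimize -IgnoreMissingFileInformation -Xml

# 3. Start in audit mode: the policy logs what *would* be blocked
#    (Microsoft-Windows-AppLocker/EXE and DLL, event 8003) without
#    stopping anyone, so false positives surface before enforcement.
$Xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"' |
    Set-Content -Path $PolicyXml

# 4. Dry-run the policy against a file before applying it. An unsigned
#    download that matches no rule comes back DeniedByDefault; under
#    enforcement that is the "OS refuses to run unknown software" outcome.
$Sample = 'C:\Users\Public\Downloads\invoice.exe'   # assumed path of a suspect file
if (Test-Path $Sample) {
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $Sample -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 5. Apply locally, merging with any rules already present. AppLocker only
#    evaluates rules while the Application Identity service is running.
Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge
Start-Service -Name AppIDSvc
```

Once the audit log shows no legitimate software tripping event 8003, change AuditOnly to Enabled in the XML and re-apply to enforce.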

As always, thank you for the hard work you do in keeping the university safe and secure from these electronic threats.

Phish in an Envelope

C&IT’s security staff learned about a new form of phishing that has been spotted at several universities, and we want you to be aware of the technique that the Bad Guys are using.

A small number of people at multiple sites are getting physical mail, not email, indicating a possible security issue they should be aware of. Details are supposedly included on an enclosed DVD. Individuals targeted range from upper management to researchers and student assistants. Nobody is safe.

The DVD contains an executable that you are supposed to run to read the details. In reality it is a trojan horse that snaps a screenshot every few seconds and uploads it to a remote command-and-control site. The malware runs as the user and isn’t picked up by antivirus.

If you receive such a package, please contact C&IT as soon as possible. DO NOT insert the DVD into your system. If you have any questions, please contact the C&IT Help Desk at 313-577-4778 or helpdesk@wayne.edu.