Computing Services

The department behind IT services at the University of Bath

Tagged: ransomware

Statement about the Petya ransomware attacks

  ,

📥  Security

It’s been widely reported that a new ransomware worm has been affecting a large number of companies around which has the appearance of the Petya ransomware, though it comes with new abilities to spread within networks.

The bad news is that the severity of damage caused is very high and by  the time you see a warning message it is likely to be too late:

  •  In addition to using the vulnerability used by the recent WannaCry, it can also spread using hijacked account credentials using legitimate windows processes which has allowed it to spread very quickly within confined networks
  • The encryption mechanisms are very good so unencrypting data is likely to be impossible.  The communication mechanism has been disabled so even if payment was made, the key to decrypt the files would never be released

The good news is that worldwide spread will hopefully be contained:

  • It is likely that the main initial infection came through a compromised update to a piece of Ukrainian tax software
  • The malware only spreads to local computers or ones it is already connected to, it does not reach out across the internet looking for more victims

Whilst we have already patched the vulnerability used in WannaCry and have other protections in place, we will be looking to increase the measures in place to increase security.   Even with these protections in place there are no guarantees that a widespread ransomware infection would not strike us and everyone should take their own responsibilities seriously:

  • Do not open unexpected documents from unknown sources or if they seem suspicious
  • Avoid clicking embedded links found in unexpected emails
  • Apply patches to home computers and reboot work computers frequently to allow them to install

More information can be found from a number of trusted sites such as the BBC.

 

 

Ransomware email: be vigilant

  , ,

📥  Computing Services, Security

There have been reports that an educational institution has been targetted by a ransomware email. It contains an attachment that, when opened, scrambles files on your computer and on shared drives.

As a result of these reports, we recommend that you do not open any email attachments from unknown sources and ensure that you have antivirus software installed which is up to date. You can read the full guidance on protecting yourself against ransomware in our blog post.

Please feel free to contact us should you need any further information and advice about this issue.

We strongly advise you to back up your files on a regular basis.

 

Guidance on protection against ransomware

  ,

📥  Security

Due to the ransomware attacks on the NHS and many other organisations as reported in the world media, we have provided some guidance to protect your personal devices (including ones you have at home) against similar attacks. If you have a University-owned device then please contact us for advice.

Windows XP
We recommend that you obtain the latest version of Windows as Microsoft no longer support this. However, they have provided an emergency update to protect your device against this particular attack.

If you are not able to obtain the latest version of Windows, then you need to run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Windows 7/8/10
Run Windows update to ensure your system is up to date.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

macOS
If possible, ensure you have upgraded to the latest macOS. 

If you are running Bootcamp, this will need to be updated too.

Check and run Mac software updates. 

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

Linux
Update your system to the latest version. 

If you are running a virtual machine this will need to be updated too.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos which is offered to staff and students for free.

iOS
Update your system to the latest version.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Android
Update your phone to the latest software version. See your phone manufacturer’s website to find out how to do this.

Ensure that you have antivirus software installed and that it is up to date. If you do not have antivirus software installed then we recommend Sophos.

Further information and advice
Please feel free to contact us should you need any further information and advice about this issue.

We strongly advise you to back up your files on a regular basis.

 

 

WannaCrypt Ransomware - please be vigilant

  ,

📥  Computing Services, Security

You will be aware of the news reports of ransomware attacks on the NHS and many other institutions around the world.  Ransomware attacks are mainly launched via email and are a major threat to our data.

To protect against these, the University of Bath relies on a layered approach to protect our systems with regular patching, anti-virus, firewall protection and mail filtering.  Updates to protect University systems against the vulnerability exploited in the latest attacks were tested and released to our systems and signature updates for the current attack were made available from our vendors.  Support teams are working to check that all updates have been deployed successfully and ensure that our systems are fully protected.

Ransomware does need someone to open the booby-trapped attachments so everyone should take care with emails containing attachments or links. An email may look genuine but can be spoofed. You should ask yourself:

  • Am I expecting an email from this organisation?
  • Have I actually purchased or used the service being referred to?
  • Am I confident that the attachment is safe?

Even if you choose to open the attachment:

  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender. If in doubt contact Computing Services.
  • Don’t run a program if you don’t know where it has come from and haven’t chosen to install it yourself.

If you are in any doubt, the best way to contact us is at http://go.bath.ac.uk/it-help-form. If your enquiry is urgent then you can contact us on x3434.

Personal and home computers need to be protected as much as University systems, so make sure you run system updates and check your anti-virus is up to date the next time you use your computer. For more information see the article on the malware from Microsoft.

We also offer advice on dealing with fake and phishing emails on our website.