Protecting UCC from Cyber Crime
What has happened? Will it affect UCC? What is IT Services doing? What can you do?
In a nutshell:
What has happened?
A second massive cyber-attack, following on from last's month's 'Wannacry' cyber-attack has struck organisations around the world. A type of computer virus known as ransomware has compromised a large number of computers. This instance of ransomware, known by the name Petya, acts similarly to the previous Wannacry virus, which blocks users' access to files and demands money to release the files. Like all ransomware, the attack spreads by phishing emails, but also can infect directly across a network, any exposed machines that have not installed recent security updates.
Will this affect UCC?
So far, UCC is unaffected. However, that could easily change. Once inside an organisation's network the Petya ransomware virus can automatically track down other vulnerable computers and infect them too, without the need for any further human intervention.
What are IT Services doing?
Everything we can to prevent infection and advise our community how to stay safe online.
- IT Services have updated the thousands of Windows PCs in UCC with the required Microsoft security patches.
- We are working with the other Irish Universities and HEANET to share knowledge about how best to protect the Higher Education network against this attack.
- We have updated our virus scanning software signatures to detect the current strain of the virus. If you don’t have Anti-Virus on your computer, contact the IT Service Desk immediately.
- We have disabled the All_Exchange_ Users email distribution list for the next 24 hours to avoid any possible spread of the virus, which uses email to spread.
What can I, as an end-user, do to help?
- POWER ON machines. For machines to be updated they must be powered on. If a colleague is on leave, powering up their machine will ensure it gets patched. POWER ON, not login.
- Ransomware, like Petya, can be spread via Phishing Emails. Phishing Emails are emails that may appear as though they are from a legitimate source or contact, but are not. Now is a good time to be suspicious:
- Be SUSPICIOUS of emails that ask for personal or company information.
- Do NOT click on links in an email that you are suspicious of.
- NEVER open attachments or click links in suspicious emails.
- NEVER send your password or personal information in response to any email, even if it does not seem suspicious.
- If you are unsure whether the email is legitimate, contact the sender company directly to verify it, or contact IT Services.
- If you believe an email is a Phishing email, DELETE it.
Laptop users working off campus need to run Windows update. If your laptop was ever configured to connect to the UCC network, running Windows Update will fail to connect to our servers. Once it fails it gives an option to check directly with Microsoft, which you should do. Install all recommended security updates.
- If possible download and install the security patch from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=55245
- If you are unable to do this contact the Services desk at firstname.lastname@example.org
- If you have Windows XP machines running in labs, disconnect them from the internet until this issue has settled down. XP machines are particularly vulnerable to this attack.
- Contact email@example.com if you have any suspected emails or links you are unsure about.
Resources for Staff and Students
The best way to prevent the spread of the current ransomware attack is to be able to correctly identify Phishing emails and consigning them directly to the bin.
Learn how to spot a Phishing email:
The tutorial below, created by IT Services, will help you identify phishing emails.
Improving your Cyber Security - useful information for staff
Technical Information on the attack
- Microsoft Security Bulletin MS17-010 - Critical
- Alert (TA17-132A) - Indicators Associated With WannaCry Ransomware
- Server Storage Engineering at Microsoft Blog