Ransomware Attack Warning
Recently, Lander University email accounts have been the target of ransomware attacks. Ransomware is a form of malware (“bad software”, such as viruses) that encrypts all files on a user’s computer and demands a ransom to unlock the files. In addition, ransomware can often jump to any connected external or network drives and encrypt files stored in those locations. Unfortunately, there are no alternative means to unlock files encrypted by many strains of ransomware, and even if someone chooses to pay the ransom, there is no guarantee that the attacker will unlock the files as promised.
Ransomware is primarily distributed through phishing email attachments, often disguised as invoices or package delivery receipts. Below is an example of a ransomware-distributing email that has recently appeared in Lander inboxes. This email included a .zip file attachment that was named according to the recipient’s Lander username (for example, an attachment sent to my inbox might be named “jnunley-invoice.zip”).
Using the example above, here are two tips to help you recognize suspicious emails:
1. Pay attention to the actual email address in the “From” section. This address does not appear to be from an official source, and in this case, the address does not match the displayed name (“carlos” vs. “ALICIA SEARCY”).
2. Note that the body of the email is not directly addressed to anyone. If receiving communications from a legitimate organization, particularly one sending an invoice, the message would be addressed to the intended recipient by name. In addition, be suspicious of generic greetings, such as “Dear Customer” or “Dear User”.
In an effort to combat these attacks, we urge all University employees to exercise caution and only open attachments that you were expecting to receive from a known sender. Since ransomware is such a new and evolving threat, sometimes the only protection from losing your files may be your own awareness and the decision to not open unexpected attachments. If you have any questions or are suspicious about an email you receive, please contact me or the ITS Help Desk at Ext. 8234.
Information Security Officer and ITS Training Coordinator