GLOBAL RANSOMWARE VIRUS

Wednesday, 28 June - 09.00

Update following 'Petya' ransomware cyberattack

For the moment, there is no evidence of any issues arising for the University from this current attack; however, it is important that we are all extra vigilant.  

Central systems on the University network are largely protected against this type of attack due to security measures already in place, and in light of this incident, ISS are implementing additional precautions.  

We are asking all users to do three things to help us minimise the potential spread and impact of this problem:

  1. Please show extra vigilance when dealing with your email and when visiting external websites.  Be especially careful in the coming days to apply the precaution which always applies - i.e., do not click on a link on a webpage or in an email, and do not open an email attachment unless you are absolutely sure of its authenticity.  Any suspicious emails you receive should be moved to the deleted items folder for later assessment.
  2. For all Windows PCs and laptops, to check if a machine is patched: go to the Start menu – All Programs – Windows Update.  Install any recommended updates.  However, it is possible that there are a few very old or deliberately unpatched PCs still in use within the University and it is important that any such devices are powered off and disconnected from the network and brought to the attention of ISS.
  3. Please notify the ISS Service Desk at (091) 49 5777 or servicedesk@nuigalway.ie if you are aware of any evidence of the attack being successful on any device you work with.  In such cases, do not power off or reboot the device; please wait for instruction from ISS.

All individual staff PCs and laptops supplied by the University are configured so that Microsoft Updates are installed automatically at least once a month; these PCs are considered "patched" against this particular virus and will not spread it further should it occur on those devices.

Ransomware attacks have been growing in frequency in recent months and are most commonly made over email - i.e. the attackers dupe the recipient of an email into initiating the encryption process on their own files by disguising code within a file attachment, which may appear to be a standard MS Office file or .pdf.  Another common method used is to redirect you to a webpage which tells you that you will need to install an additional font or script or plug-in in order to access all the content on the page.

The ISS website has information on IT security and safe computing here: http://www.nuigalway.ie/information-solutions-services/servicesforstaff/security/

If you require further assistance, please log a ticket with the Service Desk, and we will get back to you.

 
Monday, 15 May - 09.30

There is no evidence of any issues arising for the University from this current attack; however, it is important that we are all extra vigilant.  

Please read on for more information and advice for staff:

  • Apple Mac and Mobile Phones are not impacted by this specific issue
  • Microsoft Windows XP devices are particularly vulnerable to the spread of this virus, and particular care should be taken with these devices.  If there is any evidence of the ransomware virus on a Windows XP PC, that PC should be powered off immediately and ISS alerted.  Microsoft have released a patch for Windows XP which addresses its vulnerability.  This should be applied immediately to all Windows XP PCs.
  • For all Windows PCs and laptops, to check if a machine is patched: go to the Start menu – All Programs – Windows Update.  Install any recommended updates.
  • Please show extra vigilance when dealing with your email and when visiting external websites in the coming days.  Be especially careful to apply the precaution which always applies - i.e. do not click on a link on a webpage or in an email, and do not open an email attachment unless you are absolutely sure of its authenticity.  Any suspicious emails you receive should be moved to the deleted items folder for later assessment.
  • If you require further assistance please log a ticket with the Service Desk and we will get back to you, noting we are experiencing a high volume of calls this morning.

Conor McMahon, ISS


Sunday, 14 May - 20.00

Dear colleague,

You are likely aware that there is a significant cyber-attack currently taking place worldwide, in the form of a "ransomware attack." 

In this type of attack, the files held on PCs and other storage devices, including USB keys and network file-shares, are encrypted so that they become entirely unusable and are unrecoverable unless a payment is made to the attackers to release a unique decryption key.

For the moment, there is no evidence of any issues arising for the University from this current attack; however, it is important that we are all extra vigilant.  

Central systems on the University network are largely protected against this type of attack due to security measures already in place, and in light of this incident, ISS are implementing additional precautions.  

All individual staff PCs and laptops supplied by the University are configured so that Microsoft Updates are installed automatically at least once a month; these PCs are considered "patched" against this particular virus and will not spread it further should it occur on those devices.

However, it is possible that there are a few very old or deliberately unpatched PCs still in use within the University and it is important that any such devices are powered off and disconnected from the network and brought to the attention of ISS.

We are asking all users to do two things to help us minimise the potential spread and impact of this problem:

  1. Please show extra vigilance when dealing with your email and when visiting external websites.  Be especially careful in the coming days to apply the precaution which always applies - i.e. do not click on a link on a webpage or in an email, and do not open an email attachment unless you are absolutely sure of its authenticity.  Any suspicious emails you receive should be moved to the deleted items folder for later assessment.
  2. Please notify the ISS Service Desk at (091) 49 5777 or servicedesk@nuigalway.ie if you are aware of any evidence of the attack being successful on any device you work with.  In such cases, the device itself should be immediately powered off.

Ransomware attacks have been growing in frequency in recent months and are most commonly made over email - i.e. the attackers dupe the recipient of an email into initiating the encryption process on their own files by disguising code within a file attachment, which may appear to be a standard MS Office file or .pdf.  Another common method used is to redirect you to a webpage which tells you that you will need to install an additional font or script or plug-in in order to access all the content on the page.

The ISS website has information on IT security and safe computing here: http://www.nuigalway.ie/information-solutions-services/servicesforstaff/security/

In the event that you have any evidence or suspicion that a PC in the University is unpatched and therefore vulnerable to this virus, or has already been infected by this virus, power off that device immediately, disconnect it from the network, and contact the ISS Service Desk at x 5777 / 091 495777 / servicedesk@nuigalway.ie.

Many thanks in advance for your assistance and vigilance.

Conor McMahon

Head of Operations, Information Solutions and Services