Beware of Ransomware!

January 28, 2021

Ransomware continues to be one of the biggest menaces on the internet. In fact, there have been a number of phishing attacks against universities and public institutions in recent months -- both locally and worldwide. Something as simple as clicking on the wrong link could be enough to set off a sequence of events that ends with critical data being encrypted by cyber criminals. Those bad actors will then only release the stolen data in return for a hefty ransom -- usually in bitcoin or another hard-to-trace cryptocurrency. Some criminal groups also charge ransoms if organizations do NOT want their data released to the public, meaning that relying on backups to protect you might not be enough.

Hidden in plain sight

Cyber criminals are using increasingly sophisticated tactics to lure their victims. Recently, the UBC Cybersecurity team thwarted a potential ransomware attack that was hidden inside of a Microsoft Word document.

Using this malicious file disguised as a survey, the criminal claimed to be a manager who needed a survey completed “ASAP.” Inside the attached file were instructions to complete the survey, including lines of hypertext that initiated macros to execute an automated script. This script would ultimately download ransomware to the victim’s computer, leaving their files locked and in the hands of the criminals.

While this attack was not successful due to the rapid response of the UBC Cybersecurity team and local IT administrators, it serves as a sobering reminder of how swiftly a seemingly average-looking correspondence can erupt into a harmful attack with devastating consequences.
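For IT administrators triaging a reported attachment like the one described above, the following added example (not part of the original article and not UBC's tooling) checks a file's bytes for an embedded VBA macro project without opening it in Word. The function names are hypothetical, the sample files are constructed in memory, and the article does not state which Word format the malicious file used, so both the zip-based and the legacy binary formats are handled.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls containers
MACRO_CT = b"macroEnabled"  # substring of the .docm/.dotm main-part content type


def triage_office_attachment(data: bytes) -> dict:
    """Classify an attachment's raw bytes; never opens the file in Office."""
    result = {"format": "unknown", "vba_parts": [],
              "macro_content_type": False, "verdict": "not-office"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams that zipfile cannot
        # read, so route the file to a dedicated OLE parser or sandbox.
        result.update(format="ole", verdict="needs-ole-analysis")
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a zip, but not an Office Open XML package
        result["format"] = "ooxml"
        # A VBA project is stored as a binary part named vbaProject.bin.
        result["vba_parts"] = [n for n in names
                               if n.lower().endswith("vbaproject.bin")]
        result["macro_content_type"] = MACRO_CT in zf.read("[Content_Types].xml")
    found = bool(result["vba_parts"]) or result["macro_content_type"]
    # "no-macro-found" only means no embedded VBA; it is not a clean verdict.
    result["verdict"] = "macro-present" if found else "no-macro-found"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word file, not a real document."""
    kind = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
            else "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", f'<Types><Override ContentType="{kind}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("survey with macro", build_sample(True)),
                        ("plain survey", build_sample(False))]:
        print(label, "->", triage_office_attachment(blob)["verdict"])
```
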

 

What can be done?

Cybersecurity Tools

To better protect UBC staff and faculty, the UBC Cybersecurity team has deployed powerful anti-malware, endpoint detection and response software, and several other effective security controls. Through the use of such tools, Cybersecurity Analysts have been able to locate, isolate, and eradicate countless phishing and malware-laced messages over the past several months. While it’s clear that such tools are effective, they are simply one aspect of the greater collaboration that is necessary to create a truly secure working environment at UBC.

 

PATCH! PATCH! PATCH!

The UBC Cybersecurity team is grateful for the open and candid dialogue that they have been able to have with local IT administrators in various faculties and departments. Such teamwork has been the impetus for insightful updates to processes and policies that would not otherwise have been possible.

As open communication continues to be crucial to keeping supported users safe, the number one thing that all IT administrators can do to assist in the greater security effort is PATCH!

In a recent survey conducted by the security company Tripwire, one in three IT professionals surveyed admitted that their organization had been breached as a result of an unpatched vulnerability. Sure, patching software flaws is tedious, but it’s vital to security. Criminals will attempt to exploit a software vulnerability the minute it is discovered. It’s imperative that software patches are deployed as soon as they are released. For systems where this is appropriate, please consider setting these updates to deploy automatically. Please subscribe to the UBC Cybersecurity Confidential Communications page (VPN required) and engage with security analysts to ensure full mitigation of any discovered vulnerabilities.

 

What can you do?

The best way for staff and faculty to assist in the security effort is to remain vigilant at all times. Be on the lookout for the external email tag applied to messages originating from outside of UBC. If a message appears to be suspicious, report it immediately to security@ubc.ca by forwarding the message as an attachment.
