[Physstaff] Dept PC hacked with ransomware

[Timothy Briggs]

Hello,

We've had an incident of ransomware being installed on a PC in the Department, which has encrypted the user's files and asked for money to unencrypt them.

This is a fairly new way of wreaking havoc, and there's no way around it. It has affected document files on the PC, a USB stick and the user's H drive (which has since been recovered).

If the user had been connected to other network shared drives, they would have been compromised too. Which is sobering. The ransomware would also have affected any Dropbox/Strathcloud synced files on the PC.

The infection came about through clicking on a link in an email. The user had a local admin account to use for installing applications.

So here are the suggested steps we will take to avoid this becoming a major issue:

- Remove admin rights for most users on their PCs - only IT staff, and maybe a nominated person in each group to have admin rights.

- Use a software updater application, Ninite Pro, to help update key applications as they are needed - Java etc. - reducing the admin time for PC updates

- Work with groups to move their data off physicsbackup2 to the University I drive, where better data recovery options are available

Your assistance in this is much appreciated.

Thanks,

Timothy

Timothy Briggs
Research and Teaching Support
Department of Physics, University of Strathclyde, John Anderson Building, 107 Rottenrow, Glasgow G4 0NG
Tel: 0141 548 3376   Fax: 0141 552 2891   Email: mailto:timothy.briggs at strath.ac.uk

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://phys.strath.ac.uk/pipermail/physstaff/attachments/20151125/28bc6cc6/attachment.html