[Physstaff] Dept PC hacked with ransomware
Timothy Briggs
timothy.briggs at strath.ac.uk
Wed Nov 25 15:18:54 GMT 2015
Hello,
We've had an incident of ransomware being installed on a PC in the Department, which has encrypted the user's files and asked for money to unencrypt them.
This is a fairly new way of wreaking havoc, and there's no way around it. It has affected document files on the PC, a USB stick and the user's H drive (which has since been recovered).
If the user had been connected to other network shared drives, they would have been compromised too. Which is sobering. The ransomware would also have affected any Dropbox/Strathcloud synced files on the PC.
The infection came about through clicking on a link in an email. The user had a local admin account to use for installing applications.
So here are the suggested steps we will take to avoid this becoming a major issue:
- Remove admin rights for most users on their PCs - only IT staff, and maybe a nominated person in each group to have admin rights.
- Use a software updater application, Ninite Pro, to help update key applications as they are needed - Java etc. - reducing the admin time for PC updates
- Work with groups to move their data off physicsbackup2 to the University I drive, where better data recovery options are available
Your assistance in this is much appreciated.
Thanks,
Timothy
Timothy Briggs
Research and Teaching Support
Department of Physics, University of Strathclyde, John Anderson Building, 107 Rottenrow, Glasgow G4 0NG
Tel: 0141 548 3376 Fax: 0141 552 2891 Email: timothy.briggs at strath.ac.uk
The University of Strathclyde is a charitable body, registered in Scotland, number SC015263