In the past few weeks there has been a marked increase in large scale ransomeware attacks on many different organisations, these include governmental institutions, hospitals, universities and private sector businesses.
Most people will have heard about the attack on Universiteit Maastricht. Attackers gain access to the network of an organization through emails with malware or phishing messages. SURFcert has investigated the attack and has shared information with other security teams. CERT-UT has used that infomation to investigate our own network. At the time of writing we have not encountered any indications of our systems being compromised. A vigilant stance will be maintained with increased monitoring efforts.
You can also help reduce the risks by taking the following precautions:
- Do not click on links in email unless you are absolutely certain it is a genuine email. Even then check carefully the address used in the URL (internet address), ensure it contains expected information. Attackers often use URL's such as login-utwent.nl or login.utwente.nl.tk or derivations of these to give them a sense of legitimacy.
- Do not open documents from unknown sources or that you do not expect. Even if you open a document from a trusted source, do not allow macros to run or the document to open other documents you know nothing about.
- If your system behaves strangely, your password changes or you get locked out of your account, contact CERT-UT as soon as possible.
- Check the 10-step plan.
