Ransomware Messages Targeting bMail Users


Jennifer Bellenger

Jul 5, 2016, 5:16:56 PM
to micronet-announce

Dear Micronet,


Please be aware that Ransomware messages are continuing to be sent to campus email addresses, including alumni redirects. Over the past week, impacted users have received message(s) in their spam folders that are spoofed and appear to be coming from an @berkeley.edu address, including their own. These messages appear to have scanned images or photos attached but actually contain Ransomware. Additionally, users have received warning messages in their inbox from “Mailer Delivery Subsystem” with the subject line “Returned Mail: see transcript for details”. These are being triggered because the original message is forged with your address and Google is rejecting the message due to the virus attachment.


The bConnected and Information Security teams will continue to monitor this issue but remind users to remain vigilant about not downloading unknown attachments. Users who have downloaded the attachment should report this to CSS-IT for immediate escalation (510) 664-9000, option 1.


Use the following tips to keep your systems and data safe:


  • Do NOT open email attachments from unknown or unexpected sources. Most commonly, malicious Microsoft Office documents are attached to emails and contain macros that infect a user’s system once executed. Exercise extreme caution if an email contains a file attachment.

  • Do NOT click on web links from unknown or unexpected sources. Some attackers have been using Google Drive (bDrive) links that cause a user’s web browser to then download a malicious file, and ask the user to execute it. Do not assume Google Drive (bDrive) links are safe.

  • Disable macros in Microsoft Office and do not run macros if you are prompted to by Word, Excel, PowerPoint, etc. unless you are certain the document is from a trusted source, expected, and safe.

  • If you are unsure if an email attachment or link is safe, forward suspicious emails to con...@berkeley.edu. Be sure to include full email headers by clicking the down arrow next to “Reply” in bMail and then “Show Original”. Copy and paste the original text of the email and all headers into your message to con...@berkeley.edu.

  • Review Information Security’s Ransomware FAQ and Anti-Phishing resources:

  • Ensure your system is being backed up on an ongoing basis. Note: It is NOT sufficient to use cloud storage/sync services such as bDrive, Box, Dropbox, etc. for primary backups. Many strains of Ransomware can and will infect files in those services. It is important that your backups are versioned and read-only or offline.


--
Jennifer Bellenger

Change & Engagement Lead
bConnected Collaboration Services
Earl Warren Hall, Second Floor
University of California, Berkeley
Office: 510.664.7416

 

