[All_jlab_accounts] Ransomware Update from JLab's IT Division

Mon May 15 12:47:27 EDT 2017

INTERNAL MEMO 

May 15, 2017

Sent on behalf of the IT Division  

SUBJECT: Ransomware Update from IT Division 

CONTACT: Help Desk, x7155, helpdesk at jlab.org <mailto:helpdesk at jlab.org>  

A twist on the cyber criminal's tool of choice to extort money from people
has recently been detected. It is known as "Wannacry" and it is a
particularly nasty form of ransomware. More details can be found in this
news article, at:

https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nbcnews.com_news_us-2Dnews_blockbuster-2Dwannacry-2Dmalware-2Dcould-2Djus&d=DwICAg&c=lz9TcOasaINaaC3U7FbMev2lsutwpI4--09aP8Lu18s&r=ymBp262dRSuhU0FqjRmMUWXr-mNybFC-OlPi9EHdOsI&m=69d6NNZCexvdbAs02vYdu_Dt-d-vxHK-tfXmwNfVnN4&s=On48ROTMIHgjEcJWUkN0yHxJbPtAoS6rVW6v4vMordg&e= 
t-be-getting-started-experts-n759356
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nbcnews.com_news_us-2Dnews_blockbuster-2Dwannacry-2Dmalware-2Dcould-2Djust-2Dbe-2Dgetting-2Dstarted-2Dexperts-2Dn759356&d=DwMD-g&c=lz9TcOasaINaaC3U7FbMev2lsutwpI4--09aP8Lu18s&r=ymBp262dRSuhU0FqjRmMUWXr-mNybFC-OlPi9EHdOsI&m=Eq1A5IhS4aY06yKLW-yw5vC_4B3eH1R4dec5-DXES7w&s=6tQL-M4fyaxE7CyX_bO23yjurfXUYbMq72gVgj4BIt4&e=> 

Jefferson Lab has been actively researching the impact this malware could
have on us since last week. At this time, we believe we are in a good
security position with limited exposure to the virus. Patches mitigating
part of the problem were sent out in March and we're actively looking for
any infections. So far, the code is only targeting Windows systems, but
this could change at any time.

In order to ensure that patches have been effectively installed, some
Windows system may have to be remotely rebooted. The computer center will
contact you before doing so if possible. Please ensure any JLab-owned,
home-based computers or offsite JLab laptops have been patched and
rebooted ASAP. If you need assistance to determine this, you may contact
the IT Division Helpdesk at x7155 or  <mailto:helpdesk at jlab.org>
helpdesk at jlab.org. Please note that the Helpdesk option is only available
for JLab owned computers.

Unfortunately, this attack can succeed via several other methods. A
phishing email or an infected website can both introduce the malware onto
a user's computer. As always, the general advice to be careful about
opening email and visiting unknown websites is very applicable here.

If you notice anything strange with the operation of your computer, or see
a Windows notification advising you of a problem, notify the IT Division
Helpdesk, as soon as possible.

12000 JEFFERSON AVENUE . NEWPORT NEWS, VA 23606 . USA . WWW.JLAB.ORG

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20170515/afcfe1ed/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 5513 bytes
Desc: not available
URL: <https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20170515/afcfe1ed/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 235 bytes
Desc: not available
URL: <https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20170515/afcfe1ed/attachment.png>