In just the past week, hospitals across the nation, including some of our partner institutions, have reported outbreaks of ransomware in their systems, causing “internal states of emergency” and impacting patient care.
Due to the recent abundance and severity of these attacks, we are treating these outbreaks very seriously to try to avoid an attack at Weill Cornell. We are enhancing our security network monitoring and are deploying the latest security detection and prevention tools.
What is ransomware and how is it most commonly spread?
- Malicious software that prevents or limits access to a computer until a sum of money is paid
- Makes important files on our computers, systems, and file shares encrypted and inaccessible
- Most commonly spread through infected email attachments
What should I be doing to make sure I am secure?
- Do not click on links in emails if they look suspicious or come from an unknown sender. Report spam to the spam mailing list by following these instructions.
- Ensure your computer is tagged by ITS—tagging your computer ensures that you will easily have access to our latest protection and security software.
- Ransomware affects users of both Macs and PCs. Just last week, a ransomware attack emerged that was specific to Mac computers.
- Download and install our advanced malware protection software (FireAMP and Symantec Endpoint Protection) from our ITS Downloads page.
What is ITS doing to keep me secure?
- Utilizing a state-of-the-art anti-spam and anti-phishing email system to block and screen most emails and hyperlinks before they get to your mailbox
- Enhanced our email security system to add secure testing of all external email attachments to prevent malicious files from reaching your inbox
- Enabled anti-spoofing protection to prevent attackers from impersonating you or our colleagues when sending email messages
- Maintaining offsite backups of critical systems and file shares to prevent spread of infection
- Testing our incident response and disaster recovery procedures to ensure we can restore data of our most critical systems in the event of an attack
How do I know if I’ve been infected and what should I do?
If you receive a message that your “operating system has been locked for security reasons” or notice files on your computer with an obscure file extension, such as my_document.xyz, you may have been infected.
- Immediately disconnect your computer from the network
- Contact ITS Support for assistance
- Do not pay the ransom—there is no guarantee the criminal will honor the request and restore functionality to your computer
Here are some other important reminders to help keep you safe:
- Review Cornell University’s Phish Bowl for examples of phishing emails.
- Maintain a strong password and change it frequently at https://mypassword.med.cornell.edu.
- Do not share your password with others, including your supervisor or ITS.
- Report any suspicious activity to your supervisor or ITS right away.
- Enroll in multifactor authentication at https://duo.weill.cornell.edu.
- Take extra care when traveling internationally.
Did you know?
Last year, victims reported 2,453 ransomware infections to the FBI Internet Crime Complaint Center, with those victims having paid more than $24 million to criminals. However, this is a fraction of the total ransomware in 2015: the FBI’s research shows that the total amount of ransomware attacks in 2015 earned criminals at least $325,000,000.