A Message Regarding Ransomware

Below is a message from Steven Frey, SHSU’s Information Security Officer. This is a good time to remind you to exercise good judgement when opening email or browsing the Internet. When in doubt of a message’s or site’s authenticity, please contact the Service Desk at (936) 294-1950 or by email at servicedesk@shsu.edu.

News headlines are referencing a global ransomware attack.  Ransomware is a type of malware that is usually delivered via an email attachment or link to a malicious website.  When this malware is unintentionally activated by a user, it begins to encrypt all the files that the user has access to and then informs the user that they have to pay a ransom in bitcoin (an online currency) to decrypt the files.  Until this is done, the only recourse the user has is to restore the files from a backup if there is one available, or if not, the user unfortunately pays the ransom.  Often times, even when the ransom is paid, the hacker does not decrypt the files.  This is why it is imperative that users backup their data, like IT@Sam does with the SHSU servers.  Previous ransomware attacks against the university that made it past security controls were thwarted by IT restoring files to a previous version, usually from the day before.

A key difference with these ransomware attacks (yes, there are multiple variants from different hacking groups) is that they are not just encrypting files that the user have access to, rather they are exploiting a vulnerability in Microsoft Windows to encrypt all files hosted on every server or workstation that is vulnerable.  Microsoft released a patch for this vulnerability in March 2017.  At that time, IT@Sam patched systems that were know to be vulnerable.

However, on April 14th, 2017, a group of hackers known as The Shadow Brokers released a set of hacking tools that were stolen from the NSA.  These hacking tools contained an exploit for the Microsoft vulnerability, meaning that with a push of a button, anyone could attack vulnerable servers and workstations, even if the user doesn’t have permissions to the files.  IT@Sam decided to take immediate action on all servers to ensure they would not be vulnerable.  This critical updated occurred during working hours and did disrupt a few services on campus last month, but they were quickly rectified.

These current ransomware attacks are using these hacking tools to encrypt all files they can where Microsoft has not been patched.  Many organizations have not yet applied patches and are being negatively impacted.  SHSU takes its security posture seriously, and makes it a point to be better safe than sorry.  IT Security has rescanned the entire campus network, and no servers are reporting as vulnerable to this attack. A handful of workstations are vulnerable and are under investigation.

It is important to practice caution when opening attachments in emails or clicking on links as these are the methods used to begin these attacks.  IT Security has taken the threat intelligence it has at this time to block known email subjects from entering SHSU’s email system and the campus Intrusion Prevention System (IPS) has rules in place to detect and block the malware that is currently known at this time.  However, these can change rather rapidly which is why the IPS system gets updates automatically from the vendor to stay up to date.  No security is 100%, but we will continue to monitor the situation as more information is released and take the appropriate actions to swiftly protect the students, faculty and staff of the SHSU community.

Steven Frey
Information Security Officer, IT Security

 

Windows 10 Tip: Do you know your passwords?

This month campus workstations will upgrade to Windows 10. This will make your workstation function as though it were brand new. If you take advantage of your web browser’s capabilities to save your passwords, you will want to make sure that you know those passwords. You will need to re-enter them after your workstation is upgraded.

Take time now to gather those passwords or go through password recovery processes to reset passwords that you do not know before your workstation is upgrades (see the rollout schedule). Use the following list as a starting point for important sites that require passwords:

  • Social Media (Facebook, LinkedIn, Twitter, Blogs, etc)
  • Financial Institutions (banks, credit cards, etc)
  • Professional Websites such as community forums
  • Training Websites
  • Google
  • Pharmacy
  • Benefits (ERS, UnitedHealthcare, etc)

Windows 10 Preparedness Checklist

windows-10-logo-46fa00b9a1-seeklogo_comWindows 10 is an operating system that will replace Windows 7 on SHSU desktops beginning in Summer 2017. This new operating system amplifies productivity and provides protection against modern security threats. Below is a checklist of things to do before the update is pushed out to campus.

  1. BACK UP DATA
    Anything saved on the local computer including files and software will be lost during the upgrade process. The upgrade will be pushed remotely May 18 – 31, 2017; take time to back up data stored on your C drive to your S drive or OneDrive now. If you need assistance, please call the IT@Sam Service Desk (4-HELP).

    • Move locally stored data on the C drive to your S drive or OneDrive.
    • Save copies of email signatures, sticky notes, etc. to a Word document.
    • Export and save bookmarks and favorites from web browsers (i.e. Internet Explorer or Chrome).
  2. CHECK PERIPHERALS
    If you have a local printer, scanner, or other peripheral device attached to your computer which was purchased over four years ago, it will need to be checked for compatibility. This can be done through the manufacturer’s website or by e-mailing the Service Desk (subject line of “Windows 10 compatibility”) with the make and model of the device.

    • Check PRINTER compatibility with Windows 10 via manufacturer website.
    • Check SCANNER compatibility with Windows 10 via manufacturer website.
    • Check the compatibility of any OTHER peripheral devices (i.e. label maker) with Windows 10 via manufacturer website.
    • Reinstall software for peripheral device (after operating system upgrade).
  3. CHECK APPLICATIONS
    If an application was installed manually on your computer, you will need to verify that the software is compatible with Windows 10. If it is compatible, the software will need to be reinstalled after the operating system upgrade.

    • Make a list of applications or software packages that are not provided by IT and locate the installation media (i.e. Blue Zone, Google Drive, Dropbox) to reinstall later. NOTE: Office 2016, Adobe Acrobat DC, Internet Explorer, Edge, OneDrive, and Identity Finder will be installed with the Windows 10 upgrade.

Click here to print the Windows 10 Preparedness Checklist.

For more information, visit the SHSU Windows 10 website.

Should you have any questions or concerns, please contact the Service Desk.

Technology Trainings

Several technology training sessions will be available for SHSU faculty and staff during the month of May beginning with Prezi & Sway (May 1), Intro to Word 2016 (May 2), Intro to Windows 10 (May 3 & 4), WebCMS (May 4). May Trainings - Week 1To sign up for one of these training sessions, please visit Talent Management.

One-on-one assistance and departmental training is available upon request. For questions, or to schedule a training, contact our Technology Trainer, Natalie Payne, at npayne@shsu.edu or x4-4104.

Get Ready to do Great Things with Windows 10

Windows 10 is Coming
For the past several years, Sam Houston State University has used the Windows 7 operating system for PCs. Windows workstations are scheduled for an upgrade to Windows 10, beginning in May (after the conclusion of the Spring 2017 semester).
The look and feel for Windows 10 will be different, but most functionality will already be familiar to you. Some of the improvements include:
  • A more interactive Start Menu. Users will continue to see lists of software and files, but alongside them will be Live Tiles of apps. These can be changed for apps used more frequently, making life a little easier than in Windows 7. Start-Menu
  • As with Windows 7, users can search by clicking on the Start Button.Search

 

 

 

 

 

 

 

 

 

 

 

  • Edge is the default browser in Windows 10. It features a clean look with a tidy area called the Hub to keep the things collected on the web – including favorites, reading lists, browsing history, and current downloads.Edge

Stay tuned to future IT@Sam Newsletters or the Windows 10 project website for a peak at these improvements and updates to the timeline. If you have any questions, please feel free to contact the Service Desk.