[Micronet] [Announce] Ransomware Messages Targeting bMail Users


Jen Bellenger

Dear Micronet,


Please be aware that Ransomware messages are continuing to be sent to campus email addresses, including alumni redirects. Over the past week, impacted users have received message(s) in their spam folders that are spoofed and appear to be coming from an @berkeley.edu address, including their own. These messages appear to have scanned images or photos attached but actually contain Ransomware. Additionally, users have received warning messages in their inbox from “Mailer Delivery Subsystem” with the subject line “Returned Mail: see transcript for details”. These are being triggered because the original message is forged with your address and Google is rejecting the message due to the virus attachment.


The bConnected and Information Security teams will continue to monitor this issue but remind users to remain vigilant about not downloading unknown attachments. Users who have downloaded the attachment should report this to CSS-IT for immediate escalation at (510) 664-9000, option 1.


Use the following tips to keep your systems and data safe:


  • Do NOT open email attachments from unknown or unexpected sources. Most commonly, malicious Microsoft Office documents are attached to emails and contain macros that infect a user’s system once executed. Exercise extreme caution if an email contains a file attachment.

  • Do NOT click on web links from unknown or unexpected sources. Some attackers have been using Google Drive (bDrive) links that cause a user’s web browser to then download a malicious file, and ask the user to execute it. Do not assume Google Drive (bDrive) links are safe.

  • Disable macros in Microsoft Office and do not run macros if you are prompted to by Word, Excel, PowerPoint, etc. unless you are certain the document is from a trusted source, expected, and safe.

  • If you are unsure if an email attachment or link is safe, forward suspicious emails to [hidden email]. Be sure to include full email headers by clicking the down arrow next to “Reply” in bMail and then “Show Original”. Copy and paste the original text of the email and all headers into your message to [hidden email].

  • Review Information Security’s Ransomware FAQ and Anti-Phishing resources:

  • Ensure your system is being backed up on an ongoing basis. Note: It is NOT sufficient to use cloud storage/sync services such as bDrive, Box, Dropbox, etc. for primary backups. Many strains of Ransomware can and will infect files in those services. It is important that your backups are versioned and read-only or offline.


--
Jennifer Bellenger

Change & Engagement Lead
bConnected Collaboration Services
Earl Warren Hall, Second Floor
University of California, Berkeley
Office: 510.664.7416

 


--
You received this message because you are subscribed to the Google Groups "Micronet Announcements" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/a/lists.berkeley.edu/group/micronet-announce/.
To view this discussion on the web visit https://groups.google.com/a/lists.berkeley.edu/d/msgid/micronet-announce/CAP%3DFkVe5Nr8Gow--6KFQRCHt8E7%2BbweU3x%3D6NKRsCq28ftbEGw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/lists.berkeley.edu/d/optout.

--
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
 
To learn more about Micronet, please visit the Micronet Web site: http://micronet.berkeley.edu
 
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
 
ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
---
You received this message because you are subscribed to the Google Groups "Micronet" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/a/lists.berkeley.edu/group/micronet-list/.
To view this discussion on the web visit https://groups.google.com/a/lists.berkeley.edu/d/msgid/micronet-list/CAP%3DFkVe5Nr8Gow--6KFQRCHt8E7%2BbweU3x%3D6NKRsCq28ftbEGw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/lists.berkeley.edu/d/optout.
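
A defender-side triage of the kind of message the announcement describes, run over the raw text copied from "Show Original". This is an added example, not part of the original thread: the property names follow RFC 8601, while the `mx.google.com` authserv-id default, the finding labels and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Identity each method's result is bound to (property names from RFC 8601).
PROP = {"spf": r"smtp\.mailfrom", "dkim": r"header\.[di]", "dmarc": r"header\.from"}

def _aligned(domain, protected):
    return domain == protected or domain.endswith("." + protected)

def trusted_results(msg, authserv_id):
    """(method, result, domain) from Authentication-Results headers stamped by
    our own receiver only; a sender can inject look-alike headers."""
    out = []
    for hdr in msg.get_all("Authentication-Results", []):
        server, _, body = " ".join(hdr.split()).partition(";")  # unfold header
        if server.strip().lower() != authserv_id:
            continue
        for clause in body.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
            if m:
                p = re.search(PROP[m[1]] + r"=(\S+)", clause)
                dom = p[1].rpartition("@")[2].lower() if p else ""
                out.append((m[1], m[2].lower(), dom))
    return out

def triage(raw, protected="berkeley.edu", authserv_id="mx.google.com"):
    """Findings for one raw message; authserv_id default is an assumption."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"] or "")[1].lower()
    from_dom = sender.rpartition("@")[2]
    authed = any(res == "pass" and _aligned(dom, protected)
                 for _, res, dom in trusted_results(msg, authserv_id))
    findings = []
    if _aligned(from_dom, protected) and not authed:
        findings.append("unauthenticated-internal-from")
        rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
        if sender in rcpts:
            findings.append("forged-from-own-address")
    rp = parseaddr(msg["Return-Path"] or "")[1].rpartition("@")[2].lower()
    if rp and rp != from_dom:  # weak signal alone: lists and ESPs differ too
        findings.append("return-path-differs")
    return findings

def make(auth, mail_from):
    """Constructed sample headers; every value here is made up."""
    return (f"Return-Path: <{mail_from}>\nAuthentication-Results: {auth}\n"
            "From: user@berkeley.edu\nTo: user@berkeley.edu\nSubject: Scan\n\nbody\n")

SPOOFED = make("mx.google.com;\n spf=softfail smtp.mailfrom=x@mailer.example.net;"
               " dkim=none", "x@mailer.example.net")
INJECTED = make("mx.sender.example; spf=pass smtp.mailfrom=user@berkeley.edu", "x@mailer.example.net")
GENUINE = make("mx.google.com; spf=pass smtp.mailfrom=user@berkeley.edu;\n"
               " dmarc=pass header.from=berkeley.edu", "user@berkeley.edu")
```

`triage(SPOOFED)` and `triage(INJECTED)` return the same three findings, because the `spf=pass` line in `INJECTED` was not written by the trusted receiver and is ignored; `triage(GENUINE)` returns an empty list.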

Re: [Micronet] [Announce] Ransomware Messages Targeting bMail Users

Ryan Lovett-2
Hi Jennifer,

Can CalMail enable SPF filtering to prevent spoofing? From experience with a couple of old pre-CalMail/pre-GMail departmental domains, that should greatly reduce, if not eliminate, the problem.

Ryan


Re: [Micronet] [Announce] Ransomware Messages Targeting bMail Users

Jen Bellenger
Hi Ryan, 

We are in the process of simplifying our system architecture as part of the Email Simplification Program, so we will not be able to implement this type of change at this time. Once we complete this work we will have more options, such as what you have suggested, to help reduce the threat posed by these types of attacks. However, no protection is going to be perfect and it is still critical we educate our users not to click on unknown attachments within their spam folder (even if it is from someone they know). We'll continue to partner with Information Security on this.

Best,
Jen

On Tue, Jul 5, 2016 at 4:04 PM, Ryan Lovett <[hidden email]> wrote:
Hi Jennifer,

Can CalMail enable SPF filtering to prevent spoofing? From experience with a couple of old pre-CalMail/pre-GMail departmental domains, that should greatly reduce, if not eliminate, the problem.

Ryan

On Tue, Jul 5, 2016 at 2:05 PM, Jennifer Bellenger <[hidden email]> wrote:

--
Jennifer Bellenger

Change & Engagement Lead
bConnected Collaboration Services
Earl Warren Hall, Second Floor
University of California, Berkeley
Office: 510.664.7416

 

