Issued at 7:15 a.m. on Saturday, May 13, 2017
UNO's Information Security Office, a division of Information Technology Services, has determined circumstances exist that may pose a threat to members and guests of the UNO campus community. The Information Security Office wishes to notify you of the spread of ransomware through phishing attacks. Please read this notification and take any necessary precautions to avoid being a potential victim.
Date/Time of Occurrence(s): 5-12-17
Summary: On 5-3-17, at 1:29 p.m., the Information Security Office began tracking an online threat that has been targeting health care organizations around the world. This threat has caused significant cyber security issues for the United Kingdom’s health care and health information systems. There also is evidence of this attack occurring within the United States.
The vulnerabilities that are being exploited are associated with the WannaCry ransomware campaign. This activity has been observed impacting entities from various sectors (health care, transportation) as well as being delivered on a global scale. Reports have indicated infected advertising sites (malvertising), exploit kits, and email spam are how the ransomware is being delivered.
Please use the following tips to ensure you are protected during this attack.
- If you receive emails of this nature, do not respond to them.
- Report any type of suspicious email to the UNO Information Security Office (email@example.com.)
- Always log in from a trusted URL, rather than clicking a link in an email.
- Do not access links from within an email that you may not trust or know.
- Use different passwords at work than those you use for personal accounts.
- Do not enter information in a pop-up.
- Check links by “hovering” over them before clicking to see their true destination.
- Verify the sender by hovering over the sender’s name to reveal the actual sender.
If you receive a phone call, ask them for a verification of the service or ask someone else if you feel it sounds too good to be true.
For assistance or to report an incident, please contact the Information Security Office at 402.554.2492 or email firstname.lastname@example.org.
Warning issued by:
Information Security Office
Information Technology Services