University of Calgary Ransomware Incident

This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.

 

The University of Calgary is in the process of recovering from a significant, widespread malicious software (malware) attack. The attack resulted in a large volume of computers being infected along with widespread IT service disruptions that lasted nearly a week.
 
The Information Security team at the University of Lethbridge has been closely monitoring the situation since the incident began and, along with universities across Canada, has offered its assistance. 
 
The aim of this advisory is to inform the U of L community about what is known about these kinds of attacks and how everyone can work together to help reduce the U of L’s risk of a similar attack. 

What happened?

The malware attack at UCalgary involved a form of cybercrime known as ransomware. Ransomware is the use of software to encrypt or scramble all kinds of files, rendering them inaccessible without a special key, which criminals attempt to sell back to the victim. 
 
Most security experts and police agencies caution against paying ransoms, noting there is no guarantee the keys provided will work and that paying a ransom only encourages further attacks. 
 
It is not yet known exactly when or how the UCalgary attack began. On Saturday, May 28, the school's wireless network, its e-mail and instant messaging systems and its authentication systems were brought offline. The university also advised students, faculty and staff not to use university-issued personal computers.
 
The request to not use computers was lifted on May 30 and the IT team at UCalgary worked around the clock to restore systems and services. Most services and systems were recovered by June 3rd, though some personal computers remained affected. 

 

What about the U of L?


The University of Lethbridge is not more - or less - vulnerable than any other university.

The U of L has dealt with similar kinds of ransomware attacks in the past that have impacted specific departments and individuals. Working with clients, ITS has successfully restored systems and services using backup copies of information stored on departmental shared drives, for example. In some cases, tools have been made available that have since allowed information to be decrypted and recovered from individual computers.

It is possible that some data stored locally on a personal computer or an external data device, such as a USB key or hard drive, will not be recoverable after a ransomware attack.

The University of Lethbridge has never paid a ransom.

 

What can we do to protect ourselves?

The best defense against malware and ransomware in general is vigilance and resilience. Most ransomware, but not all, reaches victims through e-mail attachments or visits to infected websites.

While the U of L’s security technologies such as e-mail security and anti-virus help prevent many of these attacks, some do get through as the volume of attacks continues to increase.

The U of L, along with other universities, has seen a substantial increase in e-mails with malicious attachments over the past three months. 
 
To help reduce the University of Lethbridge’s risk, we need the help of the entire university community. You can help by:

• Being careful opening e-mail attachments or links coming from people or groups you don't recognize

• Being careful with what websites you visit using your U of L issued devices

• Keeping your anti-virus software up to date and enabled and avoiding turning off the provided security tools on your U of L issued device

• Keeping your computer and key software such as your browser, Adobe Reader, Adobe Flash, Microsoft Silverlight or Java up-to-date with the latest version

• Keeping critical data backed up on your U of L network drive (department or personal) or OneDrive for Business folder. The University does not back up data on your local hard drive.

• Keeping copies of your critical data in offline storage that is stored securely in a locked cabinet, and encrypted if the data contains sensitive personal or other information

 

In addition to your efforts, ITS continues to work with a variety of partners across the university on several initiatives to improve our cybersecurity posture, including:

  • A persistent catalog of IT security awareness courses that includes messages such as this, training on data encryption and best practices. To access the security courses, please visit the Information Security Office website at: http://www.uleth.ca/information-technology/security/information-security-courses
  • Campus engagement activities in an effort to raise awareness, as well as briefings to leadership groups, departments and faculties as requested. 

 

If you have any additional questions or concerns, please don’t hesitate to reach out to IT Services or the Information Security Office.

 


Contact:

Kevin Vadnais | kevin.vadnais@uleth.ca | (403) 332-4056