March 23, 2021

This message is distributed to Senate-Faculty, Non-Senate-Faculty, and Researchers. (Click here to view description of distribution groups.)

The following is being sent on behalf of the Chief Information Security Officer, Sam Horowitz
**************************************************************************

Ransomware continues to make news in higher education. This week, the FBI warned that the criminal group behind PYSA ransomware has successfully infiltrated colleges and universities in at least 12 states and the United Kingdom. Inside Higher Ed published a brief article that references the FBI bulletin. Phishing and Remote Desktop Protocol (RDP) are the two most widely used methods of attack for this type of ransomware. 

You play a significant part in protecting yourself and your colleagues. Don’t fall for phishing. Threats and urgency are two signs of Phishing. The perpetrators want to instill a sense of dread if you fail to act. Deadlines are real, but seldom do you have to do something in two hours or lose access to your university systems, yet that’s exactly what some forms of phishing threaten. You can report phishing by following the instructions on the security website.

If you contract ransomware, follow these three steps

  1. Remove your computer from the network: unplug the network cable, turn off Wi-Fi and Bluetooth, or enable airplane mode if your device has it
  2. Unplug any USB storage devices, including attached smartphones, removable disk drives, and thumb drives.
  3. Call the ETS Service Desk at 805-893-5000

The service desk will give you immediate steps to isolate and protect your system. They will provide you with a detailed checklist for responding to the attack, and they will contact your local support staff to assist you with recovery. Recovery depends on a good backup. 

Most ransomware starts with phishing links, attachments, or phished credentials. Do your part to thwart the criminal enterprise that has bilked their victims for millions of dollars in bitcoin. 

If you want to discuss phishing, ransomware, or any aspect of cybersecurity, I’m happy to speak with you. Send me a note, and we’ll find a time.

Regards,
Sam

-------------------------------------------

Sam Horowitz, CISSP, CISM
Chief Information Security Officer
he/him/his
Office: (805) 893-5005 
Email: samh@ucsb.edu