Carleton University. I visited in 1984, so this must be my fault. It had what you'd expect for a University in the cold cold Capital of Canada: (underground) tunnels connecting the buildings and strong departments of Journalism and Political Science.
Another Canadian uni hit by ransomware, students told to keep Windows PCs away
Carleton University in Ontario, Canada, has confirmed it has been hit by a ransomware infection that crippled some of the Windows machines on its main campus. Systems at the university started to go down on Tuesday, and its IT department reported that email, network drives and the central university student portal had all …
COMMENTS
-
Wednesday 30th November 2016 00:29 GMT Anonymous Coward
Mitigation
Good that they can recover from backups, but better if you can prevent scumware from afflicting you in the first place.
We were hit once. No real damage but we had to re-image one PC and pull back a few files from shadow copies. About 30 minutes to recover. However, this was annoying enough to push us to look at ways to mitigate attacks. Analysis showed that the user had opened a link in an email that had bypassed our web and AV filters. To counter this we changed the firewall to only allow downloads from websites that have been categorised by the firewall vendor.
Next layer of defence was to implement applocker policies to prevent unknown executables from running from suspicious locations such as user profiles.
Finally, we implemented FSRM to look for known crypto malware files being written to file servers. If they are detected, alerts are generated and share permissions are set to read only. Since implementing this and trying to keep our file screen up to date with new variants, I have since found this site that keeps a comprehensive list of files to add to your file screen. https://fsrm.experiant.ca/
If all else fails, we have shadow copies, offisite delayed replicas and 2 independant backup solutions to tape and disk.
Of course there are never any guarantees, but since doing this we have had no further incidents.
-
-
-
Wednesday 30th November 2016 17:51 GMT bombastic bob
Re: Mitigation
"went to a user in the goods receiveable department."
even RSA got 'hacked' in a similar way, when an attachment with a payload was apparently opened [in 'virus outbreak' aka MS Outlook] by a low-level accountant that was "on the network".
general e-mail rules to avoid this:
a) *NEVER* preview in HTML
b) *NEVER* even VIEW in HTML
c) *NEVER* allow 'inline whatever' to be previewed (or even VIEWED) in an e-mail
d) *NEVER* click on a link in an e-mail. *NEVER*. [I've received fake 'unsubscribe this' links in legit-looking bulk mail that appears as if I were maliciously subscribed against my will, most recently to 'wired', which I forwarded to their abuse department instead - had I clicked, who knows what would've happened!]
HTML mail is *EVIL* and should be avoided. Doesn't matter how many cat-pic chain mails get forwarded that way. If you must see it, save the attachments, scan them, THEN view them.
This level of security requires strict I.T. policies *AND* compliance. However, if you can actually *GET* users to comply, it will save your ass at some point.
-
-
-
Wednesday 30th November 2016 23:20 GMT Anonymous Coward
Re: Mitigation
What's it cost in staff overtime to impliment all these attack mitigations?
-
Thursday 1st December 2016 05:22 GMT Anonymous Coward
Re: Mitigation
Eh? Doesn't need overtime. Just needs some GPOs for the applocker and installing and configuring the FSRM role on the file servers. Thats the joy of AD, you can centrally manage almost anything with policies.
By linking to Ubuntu I assume that you are implying that we should rip out all our Microsoft infrastructure and replace it with Linux? Not really practical when we have multiple SQL servers, an Exchange infrastructure, numerous application servers and a farm of Citrix RDS hosts running a large number of applications with no non-Windows alternative.
Assuming I could find Linux based replacements for everything we run, I think that the amount of overtime required to replace everything would be a tad more than was required to put in the mentioned mitigations.
Personally, I am completely OS agnostic. I had used numerous flavours of xnix going back to SCO unixware. I do run some Linux servers. I just use whichever OS is suitable for the job.
I do despair when we constantly get people who run the odd Linux box or two think that you can rip out a mature enterprise infrastructure and replace it with Linux. These are tools to do a job, not a religion.
You are a very silly man. Go away.
-
-
Wednesday 7th December 2016 00:35 GMT Anonymous Coward
Re: Mitigation
No great mystery as to why I post anon.
My employment contract has a clause which stipulates I must not post anything damaging to the company or clients on social media or any other website.
I don't think I ever post anything negative, but to avoid any issues I just choose to always post anonymously when mentioning anything to do with work.
What is your excuse for being an idiot?
-
-
-
-
-
Wednesday 30th November 2016 01:03 GMT Barry Rueger
Cartoon U
Ahem. Cartoon U is not really in the same league as say Oxford or Harvard. I am not remotely surprised.
FWIW, we once bought a group of PCs from their computer services department when I worked there.
One by one they all died, first with smoke, then with showers of sparks like roman candles out of the back of the power supplies.
Stuck with Dell after that.
-
Wednesday 30th November 2016 19:30 GMT Anonymous Coward
Windows FAIL
That's what universities get for running Windows networks for the most dangerous most seediest users of all, students.
Morans.
Then again, Linux these days... better go back to pen & paper. PCs should not be a requirement for courses where they're not strictly necessary, and where they are, you can generally get a better education from Youtube.
-
Wednesday 30th November 2016 22:45 GMT Stevie
Re: you can generally get a better education from Youtube.
If you are willing to spend three times the time necessary and can listen to the stupid music, incessant "um, ah, um" instead of lucid recitation, and ad-hoc backtracking to cover forgotten precursor information or alternative approaches without hitting first CTRL-C and then the bottle.
And that's before we get into the camera technique that has hands, heads and bodies blocking whatever it is the blithering drooler on screen is exhorting us to watch closely.
I never saw an "educational" YouTube video that couldn't be improved by deleting it. GIMP and Blender bring out the cream of the crop of dithering blither, but don't take my word for it. Grab some strong drink and go on a voyage of discovery.
The best YouTube footage comes from Russian dashcams. At least there the inevitable wreckage flying all over the place belongs to someone else.
-