Many USG institutions have been hit in the last few days by a ransomware phishing campaign that has been delivered to thousands. The attack profile has consisted of a phishing message that used a spoofed/forged “From” field and appeared to come from a campus copier/printer. In our case, it would appear to come from firstname.lastname@example.org.
The message carries a .docm attachment. Do not open the attachment. The attachment is the ransomware payload, which in this instance installs a remote access trojan.
This is an active attack. Universities across the nation are being notified through REN-ISAC, and there are many other confirmed instances of this throughout the country.
Remember the following things:
- Always keep all of your software up to date with the latest patches, on both your computer and your phone.
- Never click on links in emails or text messages and never open an attachment unless you are certain it's legitimate.