Notice on University of Calgary cyber-attacks

Notice on University of Calgary cyber-attacks
You may be aware the University of Calgary is in the process of recovery from a severe cyber-attack which resulted in widespread IT service disruptions for a week or longer. York University IT and Information Security have been closely monitoring the situation along with colleagues at many other Canadian Universities. This notice is to inform the York University community about this kind of attack and how we can reduce the risk of a similar attack.

What happened
While some details are still to be determined, ultimately the attack involved a kind of malware known as ransomware, which infects systems similarly to other viruses but then encrypts files making them inaccessible without a special key that the criminals behind it attempt to sell to the victim.
York University has experienced similar kinds of ransomware attacks over the past two years that have impacted specific computers and data. In most cases, data has been successfully restored from backup copies kept locally or on York network shared drives. York has never paid a ransom. In recent months, the frequency of such attempted attacks at York and elsewhere has increased greatly.

How to protect against ransomware
While York has deployed technology and systems to help prevent such attacks, including email filtering and removal of dangerous attachment types, anti-virus technology, and network-based attack filtering, protecting against ransomware and similar threats requires vigilance from the University community also. Important ways you can help include the following:

- Do NOT click links or open attachments in unsolicited email from people or groups you don’t recognize
- Keep your anti-virus software up to date and enabled; York provides Trend Micro AV to all staff, faculty and students at the University
- Keep your computer up to date, including key software such as your web browser, Adobe Reader, Adobe Flash, Microsoft Silverlight or Java
- Use York network shared drives, or similar that also has regular backups, to store important information, and ensure such information is NOT stored only on your local computer
- If you or your department maintain servers, ensure they are up to date from an operating system AND application layer perspective
- If you suspect your computer is being attacked, shut down your computer immediately and contact your IT support

Additional help, resources, and updates:

- York’s Information Security blog: http://infosec.yorku.ca/
- Information Security Twitter (@YorkU_Infosec) and Facebook page (Yorku.Infosec)
- York’s Computing website: http://computing.yorku.ca/

Please direct any questions or concerns to UIT Client Services -
email: askit@yorku.ca or visit https://askit.yorku.ca