There is a current ransomware attack that we have been notified about by one of our UW System schools. We are making you aware of this incident so that you can take appropriate steps to inform your staff to remain vigilant.
This particular attack comes in the form of a very convincing email message which appears to come from a credit card company and contains an attached protected Word document. Recipients are given the password to the document in the body of the email, told it is an invoice, and told that they are about to be charged for the amount in the invoice. If the recipient unlocks the Word document, it encrypts their local drive (not network shares). The protected Word document then passes through anti-virus filters undetected.
Please keep in mind that while a legitimate invoice might be emailed to departments from vendors, the credit card companies that UW-Madison engages with would not send an invoice to review. Emails received from our credit card companies would be in the form of statements.
For more information and resources on how protect yourself and your staff against ransomware, please visit the Ransomware Facts & Tips at StopThinkConnect.org, which is part of the National Cyber Security Alliance (NCSA).
For questions on this particular ransomware incident, or on ransomware in general, please contact us at email@example.com