Normally, one would think that phishing emails are easy to spot. If you get an email from an unknown sender with a weird attachment . . . you should probably NOT open it.
Yet, several students at University College London decided to throw their commonsense out the window just a few hours ago.
A malicious email began surfacing the inboxes of both the students and staff of UCL. The phishing message was able to slide past antivirus implementations. UCL’s IT security staff is dubbing the event a “zero-day attack”.
After the phishing email’s attachment was opened, files on both local and shared network drives were encrypted by the ransomware virus.
As a result, UCL is still working on gaining access to certain files and systems. Despite the ransomware only targeting Windows users, it’s safe to say the majority of UCL is Windows users.
In order to prevent the virus from spreading, UCL’s ISD (Information Services Division) briefly put a lock on admission to shared network drives.
In response to the event, ISD released an official statement:
“It is vital we all maintain a high level of vigilance when opening unexpected emails. If the email is unexpected or in any way suspicious then you must not open any attachment or follow any link in the email. Doing so may lead to loss of your data and very substantial disruption to the university.”
Although ISD’s words should be nothing new – and relatively easy to achieve – it is also clear that some of the students at UCL are in need of further learning. Ransomware is no joke.
Even if you’re a student at a university with nothing riding on potentially encrypted files, think of the bigger picture. You’re in college for a reason. In the end, those encrypted files could be an important step on your road to success.
