Warning: Ransomware Messages Targeting bMail Users

July 5, 2016

Campus bMail users, including alumni addresses, are continuing to receive ransomware messages in their spam folders that contain virus-laden attachments. If you received a “spoofed” message in your spam folder that appears to be sent from an @berkeley.edu address (even from your own address) but that you do not recognize, do not click on the attachment. The messages appear to contain scanned images or pictures, but the attachments are actually viruses.

Campus users are advised to be vigilant, as ransomware can be extremely destructive. If you have already downloaded one of these attachments, please call CSS-IT immediately at (510) 664-9000, option 1.

Use the following tips to keep your systems and data safe:

  • Do NOT open email attachments from unknown or unexpected sources. Most commonly, malicious Microsoft Office documents are attached to emails and contain macros that infect a user’s system once executed. Exercise extreme caution if an email contains a file attachment.

  • Do NOT click on web links from unknown or unexpected sources. Some attackers have been using Google Drive (bDrive) links that cause a user’s web browser to download a malicious file and then ask the user to execute it. Do not assume Google Drive (bDrive) links are safe.

  • Disable macros in Microsoft Office and do not run macros if you are prompted to by Word, Excel, PowerPoint, etc. unless you are certain the document is from a trusted source, expected, and safe.

  • If you are unsure whether an email attachment or link is safe, forward suspicious emails to consult@berkeley.edu. Be sure to include full email headers by clicking the down arrow next to “Reply” in bMail and then “Show Original”. Copy and paste the original text of the email and all headers into your message to consult@berkeley.edu.

  • Review Information Security’s Ransomware FAQ and Anti-Phishing resources.

  • Ensure your system is being backed up on an ongoing basis. Note: It is NOT sufficient to use cloud storage/sync services such as bDrive, Box, Dropbox, etc. for primary backups. Many strains of ransomware can and will infect files in those services. It is important that your backups are versioned and either read-only or offline.