Security Advisory: Ransomware Threats Targeting Higher Ed
Special announcement approved by the Chief Information Security Officer sent to the UTEP community on Friday, November 6th, 2020:
Ransomware Threats Targeting Higher Education
The University of Texas at El Paso has been notified of an increase in human-operated ransomware attacks targeting higher education institutions. After a computer becomes infected with the malware, additional malware is installed, allowing attackers to remotely control the machine and spread the malware further. After several machines on a network have been compromised, the attackers will then try to steal data and credentials and install ransomware onto computers on the same network.
The malware for these threats often presents itself alongside legitimate advertisements found on common web sites and will display a prompt telling you to update a critical piece of software. Phishing emails are likewise used to falsely claim that you must update some software installed on your computer in order to perform a task. The software that supposedly requires an update is typically a common application found on many UTEP computers, for example, Microsoft Teams. After a user installs the malware, the malware starts an actual Teams update to further convince the user that it is legitimate. The malware then attempts to spread to other machines on the same network. Given that a large portion of the UTEP community is currently working from home and using UTEP’s VPN or other Information Resources, this increases the number of potential victims that an already infected computer can spread the malware to.
On the brighter side, these threats do have some telltale indicators that can help you identify and avoid them. First, Microsoft products will never have web-based prompts asking you to update their products; updates for Microsoft products are currently distributed alongside Microsoft Windows updates. Next, Microsoft owns and commonly distributes information and software through its main website, www.microsoft.com, whereas this threat always leads you to a malicious website with an address that is completely different from Microsoft’s real address. The falsified web sites may also contain misspellings of Microsoft (e.g. ‘Micro Soft’).
We recommend that you back up important data as soon as possible to either Microsoft OneDrive or to an alternative backup device, like an external hard drive – just make sure to disconnect the device after the backup is completed or it could be infected as well. In an extreme case of malware infection, having a backup could allow you to continue your work once the computer has been restored to working order or a loaner is provided through UTEP’s Technology Support.
If you suspect that you may have been a victim of a malware infection, please disconnect immediately from the UTEP VPN and log out of any UTEP services before contacting the Information Security Office. Please email a phone number where we can reach you to security@utep.edu, or call (915) 747-6324 and leave a voicemail with that phone number. We will follow up and determine what next steps you can take to confirm the infection and remediate it if possible.
If you receive any suspicious email messages, please forward them to security@utep.edu for review.



