Community update about ransomware

May 15, 2017

 

The following message was sent today to members of the Harvard community. For additional information, visit the Harvard Information Security website at security.harvard.edu.

Dear Members of the Harvard Community,

You may have heard about the global ransomware cyber-attack ‘WannaCry’ that made the news Friday and over the weekend, affecting more than 200,000 computers in 150 countries. Ransomware is a type of malicious software that locks access to a device and its data, and demands money to release it.

While there are no reported instances of this attack at Harvard at this time, this event has prompted questions about what can be done to guard against threats of this nature. Please review the following best practices to keep your data safe today and every day.


Apply updates. If your computer is Harvard-managed, you already have the patch that is needed to prevent this particular attack. In general, you should set your devices to automatically apply updates and restart them often. The Harvard Information Security website provides more guidance on applying updates, https://security.harvard.edu/apply-updates.
 
Click wisely. Do not open links or attachments in an email if you are unsure of the legitimacy of the email or sender. An individual's email address can be faked by cyber criminals. Be vigilant, even if the email is from someone you know.
 
Ensure that your data is backed up. If you use Harvard’s Office 365 email and OneDrive file storage service, this is already done for you.

We are also asking our community to report any suspicious emails, now and ongoing, by forwarding them to phishing@harvard.edu. This will help our information security teams identify phishing campaigns targeting our community, and take the appropriate action.

More information about this attack, and how to stay safe online, can be found at Harvard’s Information Security website, https://security.harvard.edu.

Sincerely,
Christian Hamer
University Chief Information Security Officer