The University Information Policy Office at IU has asked IT Pros to make their colleagues aware of another ongoing, large-scale cyber-attack similar to the WannaCry attack earlier this year. The current attack, NotPetya, uses multiple recently patched Microsoft vulnerabilities to deploy cyber-attacks in a style of attack typically referred to as a worm.
Cyber-security experts encourage you to work with your IT Pro at work and also to take steps with personal computers to confirm that all available Microsoft updates are applied. This is an important step in protecting your computer. If you don't have an IT Pro, you can contact a UITS Support Center. This article may be useful with personal computers.
This attack can be spread through phishing email, which is an attempt to con you into giving up information, buying into a scam, or clicking on malicious links or files. Please consider the following points when you receive an email message:
- Are you expecting an email of this nature? It could be something like a password reset, account expiration, wire transfer, travel confirmation.
- Do you do business with the company or person purportedly emailing you?
- Does the message ask for any personal information, such as a password, credit cards numbers or SSN?
- Does the message ask for sensitive information about others?
- Does the message ask you to immediately open an attachment?
- Hover your mouse over the links in the email. Does the hover-text link match what's in the text? Do the actual links look like a site with which you would normally do business?
- Does the "From" email address look like either someone you know, a business you work with, or a proper IU email account?
- Click 'Reply' and check whether the address in the 'To' field matches the sender of the message.
If you're unsure about the legitimacy of an email message, report it to firstname.lastname@example.org for analysis.