University status in regard to recent ransomware attack affecting NHS and others

Padlock

[16 May 2017]

You will be aware of the news reports of ransomware attacks on the NHS and many other institutions around the world.  Ransomware attacks are mainly launched via email and are a major threat to our data. 

The vast majority of machines attached to the University network have security updates (patches) applied automatically and are therefore protected from this attack.

We protect our systems against attacks with regular patching, anti-virus software, firewall protection and malware filtering.  Updates to protect University systems against the vulnerability exploited in the latest attacks were tested and released to our systems in March 2017.  We are currently working to check that all updates have been deployed successfully and ensure that our systems are fully protected.

Provided your machine is connected to the University network, it will receive security updates automatically and will request a restart to implement these.  Always follow these instructions and please don’t elect to postpone restarts.

To ensure your machine can receive updates over the network please don’t switch it off at the end of the day.  Simply locking your machine is sufficient.

As a precaution, over the next seven days we will automatically restart any machines that are not up-to-date, even if you are logged in.  This will enable security updates to be applied.  We will endeavour to schedule the restarts outside of working hours as far as possible.

Ransomware typically relies on individuals opening attachments or clicking links in emails and the hackers strive to make these appear genuine.  Everyone should take care with emails containing attachments or links.  You should ask yourself:

  • Am I expecting an email from this organisation?
  • Have I purchased or used the service being referred to?
  • Am I confident that the attachment is safe?

Never run a program if you don’t know where it has come from and haven’t chosen to install it yourself.

Personal and home computers need to be protected as much as University systems, so make sure you run system updates and check your anti-virus software is up to date the next time you use your computer.

For more information see the article on the malware from Microsoft: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

We also offer advice on dealing with fake and phishing emails at: http://www.bristol.ac.uk/infosec/email-threat/

We request that all staff carry out their essential on-line cyber security training in MyReview.

Please don't hesitate to contact the IT Service Desk if you have any questions.