!

Print

What You Need to Know About the Petya Ransomware Attack

Tuesday, June 27, 2017 - 20:02

 

Computing Services and Systems Development (CSSD) is aware of a new malicious software program named "Petya" that made news yesterday for infecting corporate systems in the U.S. and Europe. "Petya" is a type of ransomware that relies on unsuspecting users to click links or open an infected email attachment to download it. Once it has been opened, it encrypts files on the affected computer and network share drives, and the user is then required to pay a ransom to recover their files. One reason this malicious software has spread so aggressively is that it then attempts to infect other computers on the network that do not have the latest security updates and are not protected against "Petya".

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on or downloading unknown email attachments, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD urges you to take these steps immediately to protect yourself:

  1. Install the latest Windows patches--especially the MS17-010 critical Windows patch available at https://technet.microsoft.com/en-us/library/security/ms17-010.aspx  and the application patches documented at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199.
  2. Be sure your system is running a recent version of Symantec Endpoint Protection with LiveUpdate enabled.
  3. Be sure your system is running a recent version of Malwarebytes Premium with up-to-date definitions.

With Petya, Symantec Endpoint Protection and Malwarebytes Premium are critical as an infected system will keep attempting to infect machines on the local network even if the Windows vulnerability is patched. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Petya is ransomware that relies on the same Windows vulnerability that was central to the last month’s “WannaCry” attacks. It will encrypt the Master File Table for NTFS partitions and overwrite the Master Boot Record with a custom bootloader. The software will then demand a ransom payment. According to reporting by security researchers, Petya leverages the EternalBlue exploit that was made public in April and used by WannaCry to spread between systems on a network. EternalBlue utilizes a known Server Message Block (SMB) 1.0 vulnerability affecting most versions of Windows.

More information on this exploit it is available at:

https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know

and

https://blog.malwarebytes.com/cybercrime/2017/06/petya-esque-ransomware-is-spreading-across-the-world/

 

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.
 

Phone: Emergency Calls from University Phones

Call 412-624-2121 in any situation that requires immediate assistance from University police, the fire department, or an ambulance. Please familiarize yourself with the locations of emergency call boxes around campus should you find yourself in a situation where you do not have access to a landline or cell phone.

Analog/Legacy System (Avaya)

Data Warehouse Extended Maintenance Scheduled for June 9-10

Monday, June 5, 2017 - 11:36

The University Data Warehouse will be unavailable from 9:00 p.m. on Friday, June 9 through 9:00 p.m. on Saturday, June 10 for system maintenance. Data Warehouse users will be able to view saved reports during the maintenance period but will be unable to run reports with Cognos. Although an extended maintenance period has been scheduled during these times, the system will be returned to service earlier if work is completed ahead of schedule. This maintenance is necessary to maintain the stability and reliability of the University Data Warehouse.

Resolved: Network Issue Affecting Online Service Request Forms

Friday, May 19, 2017 - 09:31

10:05 AM, Friday, May 19, 2017

The network issue affecting the Online Service Request forms has been resolved.

 

 9:31 AM, Friday, May 19, 2017

A network issue is affecting Online Service Request forms at technology.pitt.edu including the Help Request Form. Customers who need to place help requests should call the Technology Help Desk at 412-624-HELP (4357). CSSD Engineers are working to resolve the issue. We apologize for the inconvenience.

Resolved: Verizon Issue Affecting Inbound Calls to Some University Extensions

Thursday, May 18, 2017 - 17:27

5:55 p.m. Friday, May 19, 2017

Verizon has resolved their issue that affected inbound calls to some University telephone extensions. All phones that were affected by the issue have been restored to full service.

5:27 p.m., Thursday, May 18, 2017

We have been made aware that Verizon issues are affecting inbound calls to some University telephone extensions. Please contact the Technology Help Desk at 412-624 HELP [4357] or online at technology.pitt.edu if you are experiencing any problems with your phone service. Updates will be posted as they become available.

Phishing Alert: Sophisticated Google Docs Scam

Wednesday, May 3, 2017 - 16:35

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims someone has shared a document with you on Google Docs. A hyperlink in the email message takes the reader to a Google sign-in page, or (if the user is already signed into Google) prompts the reader to give an app access to the user’s account. If the reader grants the app access, a third party will have gained control of the user’s Google account. This would allow the attacker to view the user’s emails, documents, search history, and any other information stored in Google.

The following is a sample of the recent fraudulent email. Before clicking on any documents shared with you, check with the sender personally to confirm that they did indeed share a document with you. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: John Doe has shared a document on Google Docs with you

John Doe has invited you to view the following document:

Open in Docs

 *************************************************************************************

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Faculty Information System: Adding Scopus and ORCID Identifiers

Scopus Information

Can I add a Scopus ID to my Faculty Information System profile?

Yes. You can add your Scopus ID to your Faculty Information System profile.

If you need to find your Scopus ID, use this lookup tool.

Note:  There is no registration process for a Scopus ID. You are automatically assigned a Scopus ID if you have a paper indexed in the Scopus database.

Directory Services: How to Enable Group Delegation By Responsibility Center

Reestablish Group Delegation

Responsibility Center(RC) Account Administrators may grant others the ability to manage groups within their Responsibility Center. Access can be granted to any primary account holder at the following levels:

  • Responsibility Center: This person can create, manage, and delete groups within the entire ResponsibilityCenter.

My Pitt Video: Frequently Asked Questions

1. Who can use My Pitt Video?

Anyone with a primary University Computing Account has access to the system. Sponsored accounts can be given access, but need to request access by contacting the Technology Help Desk at 412-624-HELP [4357] or submitting a request online.

2. Who can create content within My Pitt Video?