I’m shocked that this wasn’t blocked already!  In fact, I feel that executables should be blocked internally as well.

 

 

 

On Thursday, October 17, 2014, any emails from external senders with executable attachments (such as files ending in .exe) will no longer be delivered via CampusAD and mail.msu.edu email services. This is to reduce inadvertent malware infections on campus and to follow industry best practices for email safety.

 

 

Please note: In recent weeks, MSU Information Security has seen several cases of a new variant of CryptoWall on campus. CryptoWall is an exceptionally dangerous infection that encrypts a user’s useful files and holds them for ransom. This malware does not simply target local files, but all mapped network drives as well, causing further damage in a very short amount of time.

 

CryptoWall spreads in three ways: 

1. Fraudulent emails containing malicious links or attachments
2. Malicious websites which exploit the user’s browser
3. Secondary infections dropped by a malicious program on the user’s device

MSU Information Security has taken several protective measures to detect and stop these infections, but new versions are getting discovered at a very rapid rate.

Action Items:

1. Make sure you have secure (encrypted) offline backups of all important data
2. Re-educate your users concerning the risks of:
   • Opening unknown attachments 
   • Clicking on links in emails
   • Clicking on ads, even on trusted sites
3. Re-assess group shares and network drives to ensure users only have access to those folders they actually need

If you believe you have been infected with CryptoWall, please contact the IT Services Support Desk at (517) 432-6200.

Thank you,

 

Information Security

Michigan State University