On 3/16/21, the Cyber Division of the FBI released an alert to higher education, indicating a recent increase in a specific ransomware attack targeting institutions in 12 US states thus far, and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data (unauthorized movement) and encrypting users’ critical files and data stored on their systems. Actors typically gain access via compromised credentials or through phishing emails, then use exfiltrated data as leverage to elicit ransom payments. Upon malware execution, a detailed ransom message is generated and displayed on the victim’s login or lock screen.

Denison ITS has performed an initial scan of employee computers looking for indications of compromise, and has not found any infected devices thus far. If you have any concerns about your computer related to this alert, please contact the ITS Service Desk for assistance at servicedesk@denison.edu or 740-587-6395.

Please review the following recommendations to reduce the risk of a ransomware attack.

Recommendations:

• Use Google Drive as the location for storage, and backup important files there. This page provides further information.
• Install/apply updates to your operating system and software as soon as possible after they are released.
• Ensure antivirus/antimalware software is installed on all computers you use (Denison ITS installs McAfee on all managed computers). Our software download page on MyDenison provides recommendations for personal computers under “McAfee Endpoint Security”.
• Only use secure networks and avoid using public WiFi networks. If you are an employee working remotely and accessing sensitive information on campus, use our Global Protect VPN to connect securely.
• Hover over hyperlinks in emails to ensure they are going to where you expect them to go.
• Do not install software unless you are certain you trust the source.