To: All Users

The Cybersecurity Incident Alert and Response Centre (CARIC) was informed that hackers have been sending phishing emails to various operators with the subject “Infringing Copyright or Violating Legal Regulations” to deceive users to download and open crypto ransomware virus.

The mentioned email accuses the website content of recipient’s organization, involving copyright infringement or violation of laws and regulations, and requires the recipient to click on the link provided as below in the email:

to download a compressed file with the “.rar” to understand the specific situation and remove the infringing content, otherwise legal action will be taken against the recipient, and the decompression password is provided in the email. After the analysis by CARIC, the compressed file contains an executable program that may download and install crypto ransomware once executed. Once infected, the computer of the victims may be subjected to ransomware encryption, remote control, information leakage and other hazards.

Suggestions:

• If you receive similar email, do not download or open any files, and immediately notify ICTO Helpdesk for follow up;
• Ensure the antivirus software is installed and virus definition files are regularly updated;
• Do not open suspicious email attachments or links, and do not enter important information such as account passwords on suspicious websites.

Sample of the malicious email:

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office