Category Archives: Helpdesk Alerts

Security Notification: Ransomware Delivered Through Phishing Attacks

A year ago the Internet saw a rash of malware known as ransomware. This malicious form of cyber attack is known for infecting a computer and encrypting a drive. The victim is then unable to recover their data until paying a ransom to the attacker. Middlebury, like many other institutions, was not immune to this form of attack.

A week ago the FBI announced a new variant on a common form of these attacks known as CryptoWall. This form of ransomware is known to have four methods of infecting a computer.

  • Phishing: the attacker may lure a victim into downloading an infected attachment through a phishing campaign and thereby compromising the drive on their system.
  • Phishing: the attacker lures the victim into clicking on a link to a malicious web site where the victim unknowingly downloads the malicious software onto their system and compromises their drive.
  • Infected ad: the attacker posts an infected ad on a website which a user might click, thereby causing the download of malicious software.
  • Compromised website: the attacker compromises a website so when a user visits the website they unknowingly download malicious software and compromise their system.

According to the FBI, by far the most common method of attack is phishing, particularly with attachments in the message.

What you can do to protect yourself:

  • Never open attachments or click links in emails that you do not recognize or trust.
  • Know what a phishing attack is and how to spot one. Visit http://go.middlebury.edu/phish or http://phishing.org
  • If you think you have fallen for a phish, change your password, then call x2200.
  • If you believe your system is compromised, unplug it from the power and the network. Shut it down immediately. Do not worry about saving your work. Then call x2200.
  • Back up your data routinely. If you save your data to Middfiles or your home directory it will be backed up automatically.
  • Never disable your antivirus software.
  • Send any suspect emails to phishing@middlebury.edu
  • Only download software from known vendor sites.
  • Don’t click on ads in web sites. Visit vendor websites directly.

Systems Maintenance this Sunday, June 28th

During our regular maintenance window this Sunday, June 28th from 6 am – 10 am we have the following activities scheduled:

  • We will be moving telephone equipment starting at 6am. There will be an outage of telephone services lasting up to one hour while the equipment is being moved. The outage has the potential to include access to voicemail as well as incoming and outgoing calls across the Middlebury VT campus, Bread Loaf, and Snowbowl locations.

We appreciate your patience as we continuously strive to keep our systems functioning optimally.

Regards,

Billy

Billy Sneed

ITS – Central Systems & Network Services

Middlebury College

Systems Maintenance this Sunday, June 14th

During our regular maintenance window this Sunday, June 14th from 6 am – 10 am we have the following activities scheduled:

  • We will be upgrading the physical links for the Internet path from the Middlebury LAN to the Internet. This maintenance will see up to a dozen brief (1-2 minutes) Internet outages over the course of the maintenance window.

We appreciate your patience as we continuously strive to keep our systems functioning optimally.

Regards,

Billy

Billy Sneed

ITS – Central Systems & Network Services

Middlebury College

Systems Maintenance this Sunday, May 31st

During our regular maintenance window this Sunday, May 31st we have the following activities scheduled:

  • We will be upgrading the border firewalls at the Vermont campus. This has the potential to impact all Internet connectivity as well as the VPN connection to the Monterey campus. The firewall is set up in a highly-available configuration which should help keep service outage to a minimum.

We appreciate your patience as we continuously strive to keep our systems functioning optimally.

Regards,

Billy

Billy Sneed

ITS – Central Systems & Network Services

Middlebury College

Key Survey Scheduled Maintenance – Sunday, May 31

The following information is relevant to anyone who uses Key Survey to create and distribute surveys, as well as survey respondents.

From: WorldAPP Customer Care
Sent: Thursday, May 28, 2015 1:02 PM
Subject: WorldAPP Maintenance Notification

Key Survey & Form.com will be undergoing maintenance between 1am and 3am EDT on Sunday, 31st May.

As part of our commitment to enhance our services and improve reliability, we need to schedule a short maintenance period this weekend to replace some elements of our production environment.

During the maintenance period both the Form.com and Key Survey applications will be unavailable, with respondents directed to a maintenance page.

Further information and updates will be posted to our community pages.

Sincerely,
WorldAPP Customer Care Team

Key Survey / WorldApp Update: Message from the CEO

Here is the message sent by the CEO of WorldApp, Inc. concerning last Friday’s Key Survey downtime. (Key Survey is a software program used to create and distribute surveys, as well as collect & analyze responses.)

From: Oleg Matsko
Sent: Monday, May 18, 2015 9:36 AM
Subject: An update on Friday’s disruption – a message from our CEO

Last Friday’s issues have been some of the most severe issues to affect WorldAPP since we launched Key Survey in 2002. As CEO, I take immense pride in serving organizations across the world in fulfilling their requirements and I feel immensely sorry and hurt that we let those customers down. As such, I feel it is only right that we be completely open, honest and transparent about what happened, and what we are doing to make sure it doesn’t happen again.

A few weeks ago we noticed that one of the storage components of our production environment had started to fail. This in itself doesn’t cause an immediate issue, our production environment is built with multiple layers of redundancy, and despite one of the critical elements of this environment not functioning, our applications continued to work in the manner they should, without any impact on availability. It is important though that when these issues occur, we rectify them as quickly as we can, so that should other components of our environment fail, there isn’t any impact on service.

So for the past few weeks we have been preparing our secondary storage components to take over, allowing us to complete the necessary works on the primary components. Our applications collect a lot of data, in fact the equivalent of 11,000 pages of paper an hour, and this amount of data takes a lot of time to transfer. In an absolute emergency we can complete this transfer in about 12 hours, but as our primary setup was still stable, and the risks of transferring such a huge amount of data in a relatively short amount of time being quite high, we took our time and completed this transfer over a period of a few weeks.

This transfer was completed on Thursday evening, our secondary storage components went live without issue, and our primary storage components were taken offline to allow the required maintenance to be completed. For a few hours, everything worked fine, and then at around 08:00 EDT on Friday morning, without notice our secondary storage components failed. At the moment, the reason why they failed is still unclear, there doesn’t appear to be an obvious cause. We will work hard with our infrastructure partners, to find out why this happened – but the most important thing for us to do on Friday was to get our applications back online.

Key Survey and Form.com are incredibly large and complex applications, and restarting them isn’t a simple operation. The applications are made up of many separate modules, each relating to an area of their functionality, such as reporting, voting or our API. The effort required to restart them is large, so much so that they cannot all be restarted at once. As such, modules were restarted individually, in order of priority. Our main Key Survey and Form.com environments were operational by 15:00 EDT, with all of our reporting modules online by 21:30 EDT and specific instances of our applications for individual customers back online by 00:30 EDT on Saturday morning.

As a result of Friday’s disruption, I have instructed our teams to rebuild our storage infrastructure to include additional layers of redundancy with built in instant failover capabilities. This is no easy challenge, implementing this infrastructure and migrating all our applications will take about a week, but we should be able to complete this without additional disruption. Once these changes are implemented, we will be able to recover our systems in a matter of minutes. This is in addition to the construction of the remote disaster recovery infrastructure which is already underway and estimated to be completed early next year.

Unfortunately, until these changes have been completed, our secondary storage components could fail again, and this leaves us in a precarious position. Whilst the probability of such a failure is low, and we have taken all possible precautions to ensure it doesn’t reoccur, our teams are prepared to restore services as quickly as possible in the event of a second failure. As the amount of data that is migrated to the new infrastructure increases throughout the week, the amount of time to restore services in the event of an issue reduces. This does mean though that should a similar issue occur early this week, we could experience a similar outage as to what happened on Friday.

As mentioned, I want to be transparent about the challenges we face, and honest about what could happen while we take steps to improve our services. We will let you know as soon as this new environment is fully functional and we can be sure that such issues do not cause as much disruption as they have. In the meantime our team are working diligently to monitor and manage our applications to avoid such issues, and are prepared to restore services as quickly as possible in the event of a reoccurrence of Friday’s troubles. I can also assure you that we will investigate thoroughly what caused these components to fail, but for the time being I want to concentrate all our resources on implementing these changes and improving our service to you.

We will support you as much as we can as a result of this disruption – if there is anything WorldAPP can do to assist you from work you weren’t able to complete last week, such as building surveys, forms or reports, please let your account manager know. We’ll endeavour to accommodate as many requests as we can.

Once again I would like to reiterate my thanks for your patience and understanding, and my genuine sorrow that we have let you down. WorldAPP have been a trusted provider of survey, forms and inspection solutions for over 12 years now, and I hope my explanation of what happened, and assurances of the actions we’re taking to ensure it doesn’t happen again, go some way to rebuilding that trust.

Sincerely,
Oleg Matsko
CEO
WorldAPP, Inc.
161 Forbes Rd Ste 300, Braintree, MA, 02184, US