FBI warns of imminent ransomware threat
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) recently released a joint cybersecurity advisory warning of an imminent, credible ransomware threat to U.S.-based hospital systems and health care providers that could have large-scale or regional impacts.
Ransomware is a type of downloadable malware designed to encrypt files on a device, preventing access to files and/or rendering the system unusable. Ransomware actors then demand payment or “ransom” to regain access, or threaten to destroy the data, expose sensitive data, or publicly announce the threat to cause panic.
Employees are encouraged to review departmental business continuity plans and understand operational contingency procedures, in case UT Southwestern’s network is disrupted or becomes unavailable.
Similar attacks from the suspected cybercriminals have initiated with a phishing email to personal email accounts as well as company email accounts. To better protect UT Southwestern and our patients, please:
- Stay hypervigilant over the next two weeks for phishing emails to personal accounts and UT Southwestern. When in doubt, do not open unexpected emails. Be aware that phishing emails may be preceded with a phone call or text message to lower your defenses. Indicators include:
- Avoid websites you are not familiar with and avoid clicking on unsolicited, unknown, or unfamiliar links. Avoid downloading any files that you were not expecting or are not familiar with.
- Do not store sensitive data on unsecured computers or drives.
Phishing indicators (includes email, text messages, phone calls)
- Be cautious of links; examine the website address by hovering over it before clicking
- Examine the sender’s email address for inconsistencies between it and the email context
- Sender doesn’t address you by a proper name
- Requests action from you or atypical sense of urgency
- Unexpected context
- May seem legitimate; if in doubt, Email Information Security
Personal accounts and computer protection
- Use multifactor authentication wherever possible for your personal banking, email, shopping and social media accounts
- Keep your software up to date by enabling auto-updates for your computer
- Don’t use old software (e.g. Windows 7, MacOS13 High Sierra)
- Make sure you have Sophos antivirus on your workstation and that systems are patched.
What should I do if I think my computer is infected?
Immediately contract the IR Service Desk at 214-648-7600 if you think you may have been affected or a ransomware threat appears. Quick notification will help avoid further spread. Disconnect from any network. Power down your computer and do not reboot. Do not respond or click on any links in the threat.
Report any suspicious activity or concerns
Call the IR Service Desk at 214-648-7600 or Email.
Report suspect phishing to the Spam Report Email.