Ransomware Alert – Scanned Image from copier@(domain)

Be alert for email messages from “scanned image from copier@<domain>” with an attached macro-enabled file with the extension “.docm”. This message has been detected to contain ransomware. Do not open attachments unless you are expecting a document from a photocopier. If you have opened the malicious attachment, please contact your IT Administrator immediately.

Ransomware is a type of destructive malware that can affect the files on your hard drive and mapped network drives by encrypting your files. Following encryption, the user is presented with a warning and asked to pay a ransom to receive the key to decrypt their files again.

As a safety precaution, UBC IT is blocking the following types of documents with macros for all UBC emails. We recommend using alternative file sharing services such as Workspace, network drives (e.g. Teamshare), and SharePoint if you need to share these types of files.

Blocked Documents

Note: If one of the following blocked files is sent through FASmail, the sender will receive a notification that the message has been blocked. Messages containing a blocked file that are sent outside of FASmail will be silently dropped with no notification to the sender.

Visio
.vsdm (Visio macro-enabled drawing)
.vssm (Visio macro-enabled stencil)
.vstm (Visio macro-enabled template)

Word
.docm
.dotm

Excel
.xla
.xlam
.xlsb
.xlsm
.xltm

PowerPoint
.ppam
.pptm
.potm
.ppsm
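
One way a mail gateway could enforce the list above, shown as an added example (not UBC IT's actual filter): it walks a message's MIME parts and compares each attachment's normalized final extension to the blocked list. The function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage

# Extensions copied from the "Blocked Documents" list on this page.
BLOCKED_EXTENSIONS = {
    ".vsdm", ".vssm", ".vstm",                   # Visio
    ".docm", ".dotm",                            # Word
    ".xla", ".xlam", ".xlsb", ".xlsm", ".xltm",  # Excel
    ".ppam", ".pptm", ".potm", ".ppsm",          # PowerPoint
}

def effective_extension(filename):
    """Return the lower-cased final extension of an attachment name.

    Any directory part is dropped, and trailing dots and spaces are ignored
    because Windows removes them when the file is written to disk.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(msg):
    """Return the filenames of all MIME parts with a blocked extension."""
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

def build_sample(filenames):
    """Build a constructed sample message; attachment bodies are placeholders."""
    msg = EmailMessage()
    msg["From"] = "copier@example.org"   # constructed address
    msg["To"] = "user@example.org"       # constructed address
    msg["Subject"] = "Scanned image from copier@example.org"
    msg.set_content("Constructed sample body.")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    sample = build_sample(["scan_001.DOCM", "invoice.pdf.docm", "notes.docx"])
    print(blocked_attachments(sample))
```

Matching on the final extension after normalization catches upper-case and double-extension names; it does not inspect file contents, so a renamed macro document would need a content-based check.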

The following anti-virus programs are detecting the malware:

  • Sophos Anti-Virus

    Please ensure that your Sophos Enterprise Servers are configured to pull updates from Sophos Anti-Virus and that they are pushing the updates to your client systems.

  • TrendMicro

Additional Information

 

For questions or concerns, please contact security@ubc.ca.