The Cyber Security team is partnering with various teams around campus to address the risks of ransomware to our IT environment. The first and easiest solution for us to implement is to enable the IronPorts to start stripping .docm and .pptm attachments. Even today, Cyber Security has received another alert from our threat intelligence sources that have alerted us to another ransomware attack that is making the rounds and is being delivered via a .docm email attachment.
Working with the email team, we intend to enable this policy within the IronPorts on September 8th 2016 at 6 AM. From that point forward, anyone who is sent this type of file as an email attachment from an outside party will receive a message in the body of the original email message informing the recipient that the email attachment has been removed.
Please note, email users may still share macro-enabled files via the following means:
- Compress the attachment as a .zip file and then email the file
- Use Office365 OneDrive file sharing
- Soon Dropbox file sharing will be available
Please inform your users of this change as soon as possible. Should you have questions, you can either contact my team or the email team.