Please note that we are still in the analysis phase of this attack. This means the following:
- We all need to be cautious about compromising those computers that have not been affected to date.
- Instructions may change over the coming hours as the analysis of this cyberattack progresses.
Use of Devices on Campus
- Can I log onto the internet and what devices can I use? A provisional WiFi (UAB-provisional) service is available on campus and can be accessed without the need of entering a student ID (NIU) or password. All members of the university community can log on and all those UAB-owned laptops which have passed the preliminary-assessment process to verify that they are not affected by the malware can be used.
- Can I use the photocopiers that are on campus? The photocopiers cannot be used at the moment. We are working on reestablishing authentication services in order to make it possible for students to connect with the service through their NIU and password. For the moment, the only alternative is to use the reprographics centre at the Plaça Cívica.
- Can computers be used in conventional classrooms? Yes, but only if they are disconnected from the network before use and remain disconnected from the network at all times.
- Can teachers use a laptop to teach?Yes, laptops can be used. They must be disconnected from the network, whether cabled or wireless. We recommend that you put them in airplane mode.
- Will the projection system work in conventional classrooms? Yes, the projectors are not affected and can therefore be used, either connected to the computers in conventional classrooms or connected to a laptop.
- Can USB memory sticks (pen drives) be used to load content for projection? Yes. But, when using USB sticks, we strongly recommend that you are especially careful, as these can be a “way in” for malware. Right now, please be particularly vigilant. When connecting the USB stick to another computer, you MUST run an anti-virus/anti-malware programme.
- Can computer classrooms be used? No, right now the use of computer classrooms is not possible.
Use of Collaborative Tools (Office365)
At this stage, there is nothing to indicate that the Office365 environment has been affected by the attack. However, please be especially vigilant.
- Are the Office365 cloud services (mail, Teams, OneDrive, etc.) working properly? Yes, Office365 is working properly. But there is an important limitation: our authentication system does not work, and this means that it is only possible to use Office365 on devices that CURRENTLY have an open session (i.e., on devices that you have recently used for connecting with and on which the session has not yet expired). Once sessions have expired, users cannot re-authenticate access until the user authentication system on campus has been re-established.
- Can corporate email be used from devices not connected to the campus network? Yes, corporate email can be used as per normal. But please note that fewer and fewer people will have access to this, as sessions expire.
- Can we use Teams to communicate from devices not connected to the campus network? Yes, we can use Teams. But please note that fewer and fewer people will have access to Teams, as sessions expire.
- Can OneDrive be used from devices not connected to the campus network? Yes, OneDrive can be used as per normal. But please note that fewer and fewer people will have access to this, as sessions expire.
- I found encrypted files (with a .uab or similar extension) in my OneDrive folder. How is this possible? Can I still use my computer? Will I be able to recover these files? If at the moment of the attack your computer was active and your data synchronised with your OneDrive folders, these folders and some of the files within them were probably encrypted. If you find encrypted files in your OneDrive, you can continue to use your computer, since it will not be affected by these files because they do not contain any malicious code. To recover your files, please contact the CAS and let them know which files they are before MIDNIGHT OF WEDNESDAY 20 OCTOBER, in order to be able to take the appropriate steps and recover them.