E-mails containing a new extortion Trojan (ransomware known as "Goldeneye") are currently being sent in Germany and have already reached the university. The e-mail appears to be a targeted application for a place at the university or for an advertised position and at first glance can hardly be distinguished from a legitimate application. The sender is a person named "Rolf Drescher" or similar.
If you receive such an e-mail, please do not open the attached files!
The attached Microsoft Excel file contains macros which, when executed (by clicking on "Show contents" or "Activate editing function"), immediately begin to encrypt your data on the hard disk and possibly also on the network drives. A ransom payment is then demanded for the encrypted data.
We have adapted our filters accordingly and the original version of the Trojan is now recognized by Sophos. However, it is likely that further variants will arrive in the future in a modified form. It is worrying to observe that the attacks are becoming more targeted and professional (good German, specific form of address, reference to real events at the university).
Please always carefully check the content, sender, links and, above all, the attachments of incoming e-mails and, in case of doubt, always contact the HRZ service (e-mail: hrz-service@hszg.de, Tel. 3333)!
If you have become a victim of such a Trojan, please switch off your computer immediately (cut the power rather than shutting it down normally) and contact us. There is no point in responding to ransom demands; it may be possible to decrypt the data at a later date in the unlikely event that the key is published. You should also use the backup options offered by the HRZ or store your data centrally on HRZ resources, which are backed up regularly.
Recently, phishing e-mails have also been arriving repeatedly. They try to lure users to external websites where they are asked to enter their login data, confirm accounts or similar, and in this way obtain the users' access data.
Please check whether such e-mails are plausible and make sure that you enter your login data only on university websites/servers. The transmission is always encrypted there; by clicking on the lock symbol in the address bar of your browser you can verify the certificate of the Zittau/Görlitz University of Applied Sciences.
Further information on the Trojan can be found on the pages of Heise Online:
https://www.heise.de/newsticker/meldung/Goldeneye-Ransomware-greift-gezielt-Personalabteilungen-an-3562281.html