Due to the recent major incident with the RYUK Ransomware attack at the School of SEMS, we have DISABLED access to unmanaged devices using the SMB/CIFS protocol to the networks shares on the staff login-server ‘frank.eecs.qmul.ac.uk’.
This change will not affect the EECS Managed Desktops, which will keep using the networks shares via ‘tofu’ using the SMB/CIFS protocol. Also, printing from unmanaged devices (which requires SMB connection to frank.eecs.qmul.ac.uk) will not be affected.
What’s the alternative to access any network share?
Access to group shares on frank, from now on, only allowed over the SSH or sFTP protocol on port 22, using one of the recommended software and the settings described here: SFTP (Secure FTP)
Why did we do that?
Recent malware and ransomware attack vectors can affect, not only a personal client device, but also any network shares attached to them via SMB protocol. Blocking group shares over SMB protocol and using the SSH/sFTP protocol instead, reduces significantly -if not eliminates- the security risks from any infected self-managed devices to also infect any Staff/Research network shares .
How secure are my data?
Users on EECS Managed Desktops do not have Administrator privileges so accidental infection of the desktop and the underlying network shares is highly unlikely with the current attack vectors. Also, all Staff Home directories and a large number of Research Group Shares are been backed up regularly.
Users on unmanaged devices (laptops, self-managed desktops) should make sure that they keep a backup of their local data, to avoid total data loss in case their device is infected.