New phishing attack

The Institut Pasteur is currently targeted by a phishing attack trying to infect computers with “ransomware” software.

Some emails from people posing as someone you may know or work with, contain a malicious attachment which, when executed, encrypts your data and asks for a ransom to be paid. One of the emails looked like this:
 
Warning : as opposed to regular phishing, the content of these emails is very convincing and cannot be identified straight away as malicious.

These emails are generally requests referring to an ongoing conversation with a legitimate partner, who then asks you to download an attachment.

Please read, follow and apply the instructions below.
 

▲ A quarantine on some emails attachments, notably those with “macro”, will be applied. All emails with macro will be systematically sent to your quarantine folder. If you wish to access legitimate documents with macros sent to you, you will have to manually retrieve them from the quarantine. Be very careful when doing so.
 
▲ If you have downloaded a file or opened an attachment in a similar emails, please:
o   Unplug your computer immediately from the network (disable wifi, unplug the network cable and/or activate airplane mode)
o   Ask a colleague or use your personal email to contact rssi@pasteur.fr and specify your location at the campus, your type of computer, the description of the email and the attachment received. We will get back to you regarding the process according to your situation (on location, remote working, etc.)
 
▲ If you did receive such emails but did not open the attachment, you’re not at risk. Please transfer the malicious email as an attachment to rssi@pasteur.fr .

Currently, the incident is contained and did not have any major impact.
 
Do not hesitate to report any message or behavior that seems suspicious to you at rssi@pasteur.fr (only for IT security issues, for any other urgent problem please contact informatique@pasteur.fr ).