Dear Students, Faculty, and Staff,

We continue to see emails that contain a malicious attachment. Most of these attachments are Word files (with .docm extension). But they can also be Excel, PowerPoint, zip, or JavaScript (with .js extension) files. The files come in emails with urgent sounding subject lines and faked semi-familiar email addresses like:

  •  Attached Image (from scanner@qatar.cmu.edu)
  • Order conf. 3360069… (from Abigail Jones …)
  • Invoice Overdue
  • Your receipt

Often, there is nothing more than the attachment in the email. Opening these attachments triggers the download of a malicious software that proceeds to encrypt your files and when successful, demands ransom. If the malware gets this far, your only options are to either restore files from a prior backup or pay the ransom to decrypt the files.

  • If you see a similar email, please delete it.
  • If you are not sure, please forward it to us (helpcenter@qatar.cmu.edu) and we will evaluate it.
  • If you accidentally opened the attachment, immediately power OFF your system and call me (5596-3818) or Jerome (5586-9013) so we can help with recovery.

Khalid Sarwar Warraich | Chief Information Officer

Malicious attachments attacks continue