Dear faculty, students, and staff,

The email below is most likely at attempt to install ransomware. The email claims to come from the university “admin management” and contains a Blackboard icon, hoping to fool you into opening an attachment. The attachment is named “docx.html” and the name is supposed to confuse you in thinking that it’s a Word document. The file is actually an HTML file with malicious JavaScript code. (We are still analyzing the particulars of the malicious attachment.)

Please do not open the attachment and delete the email.

If you opened the attachment, please contact me immediately at 5596-3818 so we advise a safe course of action.

Thank you.

Khalid Sarwar Warraich | Chief Information Officer


From: Blackboard-Admin <>
Date: Wednesday, November 23, 2016 at 8:57 AM
To: Jim Gargani <>
Subject: 1 Important message


Dear [email address deleted],

You have received a new message from your University Technology Admin posted to you through the Blackboard Learning System.
Please find below attached information.

Admin Management

Phishing attack: most likely ransomware attack