Incident Report Number: 2015-010

Artemis Server

Ticket Number: ​INC0024575

What happened?

The University of Alberta (U of A) Artemis server had some files impacted by a virus.

Who was affected?

FGSR users that access files on this server may have been affected by this issue.

What was the impact?

Affected users were unable to access some files.

What was the timeline of the incident?

Start: 2015/03/12 16:30 – IT support analysts became aware of an issue with the server.
2015/03/12 16:35 – IT support analysts determined that the server was impacted by a virus and the server was removed from the network.
2015/03/12 19:20 – The workstation was identified as the source of the virus and was isolated from the network.
2015/03/12 19:30 – Work began to restore the impacted files on the file server.
2015/03/15 11:00 – The restoration of files was completed. A scan was completed which confirmed the integrity of the server and the restored files.
End: 2015/03/15 11:00 – Access to the server was enabled and service was confirmed restored.

What was the root cause of the incident?

A user inadvertently infected their workstation with a virus. The virus affected the local workstation and a shared directory on the file server.

What was the work around and resolution for the incident?
Work Around

Not Applicable



Resolution

The files were restored and verified.

What are any recommendations to prevent this incident from occurring again?

Continued reinforcement of best security practices for all University of Alberta network users.

Updates

Not Applicable