Service Request Ticket - # 75825

Service Request Information

CONTACT Name Hedgepeth, Sandra   View open tasks   View tasks from last 30 days   Schedule Change Contact Date Mar 30, 2020 01:24 PM
Department Creative Arts/Theater-Dance Phone 88739
Location Email hedgepes@wou.edu Request for more information Send 'Keeping in touch' email Send 'I'm thinking of you' email
SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description
Laptop Edit WOU # 20190421[Edit Inv] (opens in a new window) Bldg/Room RA 107
Service Tag Description Apple 13in MacBook Pro Touch Ba SpcGry #MUHP2LL/A
Serial No. FVFZ5Z70L410 Location Sandy Hedgepeth, Assoc. Professor, Dept Head

CPU Intel Core i5(1.4GHz quad-core, 8thGEN)


OS MAC OS X 10.14 (Mojave) Software Microsoft Office from XXXX2019009325; Adobe CC Suite NAMED USER [Adobe ID hedgepes@wou.edu];

Wireless NIC A4:83:E7:6D:9A:0C


Bluetooth NIC A4:83:E7:7B:66:E3

TECHS Submitted by Brittany Franklin Contact franklinb@wou.edu 89267
Primary Technician Contact rushingj@wou.edu 89242

Tracking

Entered by Date Memo
John Rushing
Email

Public
Entered by Date Memo
John Rushing Mar 30, 2020 03:12 PM 
Status changed from (1) Pending to (5) Completed
 Add Attachment
John Rushing Mar 30, 2020 03:12 PM 
Remote session, uninstalled app and deleted trash.  
Ran scan and found nothing.
 Add Attachment
John Rushing Mar 30, 2020 01:47 PM 
I left a voice message and also create a JAMF delete 
file policy.
 Add Attachment
Megan Thibeault Mar 30, 2020 01:26 PM 
Task reassigned to John Rushing.
 Add Attachment
Megan Thibeault Mar 30, 2020 01:26 PM 
Can you work on a remote session with Sandy to get this cleaned up per Ellis' request.
 Add Attachment
Brittany Franklin Mar 30, 2020 01:24 PM 
Task reassigned to Megan Thibeault.
 Add Attachment
Brittany Franklin Mar 30, 2020 01:24 PM 
Sophos Central Event Details for Western Oregon University

What happened: We detected ransomware trying to encrypt files.

Where it happened: W20190421

Path: ∕Applications∕Screencast-O-Matic v2.0.app∕Contents∕MacOS∕launcher

What was detected: CryptoGuard

User associated with device: W20190421\hedgepes

How severe it is: High

What Sophos has done so far: We have blocked the ransomware’s file-system access. If the computer is a Windows workstation or server, we clean up the ransomware automatically. If it’s a Mac, you need to clean up manually.
 Add Attachment