Protect your PC!

May 15, 2017

Dear colleagues,

The patches that Partners IS  pushed to standard-build workstations over the weekend have been successful in containing the Qakbot virus that was locking users out last week. They are making significant advances in reimaging any computers that were forced offline and hope to have all standard-build workstations fully operational soon.

At the same time, as an organization, we are taking steps to protect ourselves against the ransomware attacks that are affecting networks all over the world. As you have seen in the news, this is a serious and widespread attack and we need to be especially vigilant in ensuring that our network is safe.  Here’s how you can help.

If your machine is a standard-build Partners workstation (PC), you have had the March and April Microsoft patches pushed to your computer and your computer should be protected. If you see this message, you may need to restart your computer for the update to take effect:

If you are a member of Dana-Farber’s Research community or use a non-standard Windows or personally-owned devices for Partners' business, it is your responsibility to keep your device and software up-to-date. You will need to take the following steps:

  1. Apply the latest Windows updates. Read More
  2. Install Trend Micro antivirus (AV) software and run a full scan.Read More
  3. If your machine has been infected with Qakbot, a third action is required to disable the task scheduler, reboot, update AV, run a full AV scan, remediate any infections, enable task scheduler, then reboot the device. Read More

Please also be aware that attackers are spreading the ransomware through multiple channels, including email. Please be extremely careful about opening email attachments and clicking on web links. Do not open any links or attachments unless you are certain of the sender and content. Please forward suspicious messages to, or click on the PhishMe button in Outlook, then immediately delete the message.

Lastly, be on the lookout for "social engineering" attacks, whether by telephone, email or any other means. At least one organization in the U.S. has had an individual call into that hospital claiming to be from Microsoft and offering support if given access to their computers. If you receive a call from someone claiming to be from Microsoft, call the Help Desk immediately at 617-632-3399.

Thank you for your support and cooperation as we take these extra precautions.


Mark Tomilson
Information Security Officer