2016-07-20
Phishing Message
Description:
Cyber Security has become aware of a phishing campaign that is carrying a ransomware attachment.
The message's From address is forged and appears to come from copier@*.gatech.edu (e.g. copier@oit.gatech.edu).
We've run a search on the Ironports and have identified this as a broad campaign that is targeting all/most of the campus subdomains.
The email in question contains a .docm attachment, which is the payload; it infects not only the machine but also any physically attached storage and any network-mounted storage.
Please be aware that this is NOT one of the Cyber Security phishing campaigns. This is a legitimate threat. Please alert your users that they should not open any emails or attachments that appear to come from a copier@*.gatech.edu address.
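A mail-filter check for the two indicators described above (a From address of the form copier@*.gatech.edu together with a .docm attachment), as an added example that is not part of the original advisory. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender pattern from the advisory: copier@<subdomain>.gatech.edu
COPIER_FROM = re.compile(r"^copier@([a-z0-9-]+\.)+gatech\.edu$", re.IGNORECASE)


def matches_campaign(raw_message: str) -> bool:
    """True when From is copier@*.gatech.edu and a .docm file is attached."""
    msg = message_from_string(raw_message, policy=policy.default)
    # parseaddr drops the display name, so only the address itself is compared.
    _, addr = parseaddr(str(msg.get("From", "")))
    if not COPIER_FROM.match(addr.strip()):
        return False
    # Compare file names case-insensitively: "Scan.DOCM" is still a .docm file.
    return any(
        (part.get_filename() or "").lower().endswith(".docm")
        for part in msg.iter_attachments()
    )


def build_sample(sender: str, filename: str) -> str:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.gatech.edu"  # constructed recipient
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for sender, name in [
        ("copier@oit.gatech.edu", "scan.docm"),           # both indicators
        ("copier@oit.gatech.edu", "scan.pdf"),            # sender only
        ("copier@gatech.edu.example.com", "scan.docm"),   # look-alike domain
    ]:
        print(sender, name, matches_campaign(build_sample(sender, name)))
```

Because the From address is forged, a match says nothing about the real origin of the message; it only flags mail that fits the pattern in this advisory.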
Image of Message: