OIT Alerts

Title

OIT CYBER ALERT WannaCry Ransomware

Alert Type

Information

Subject

OIT CYBER ALERT: WannaCry Ransomware

Message

With recent reports of a global Ransomware cyber-attack, the following advisory is being sent to provide information and recommended actions to take.  Please review the below information:

 

WannaCry Active Ransomware Outbreak

There is an ongoing, fast and widespread ransomware attack against Microsoft Windows machines, with reports of as many as 300,000 infections in countries around the world. The software can run in different languages, matching the operating system language settings.

This malware is variously known as WannaCry, WannaCrypt, WannaCryptor, or Wcry. It works by encrypting your data and requesting a ransom of .1781 bitcoins, or roughly $300.

Initial reports indicate it spreads in multiple ways, including e-mail attachments, via Remote Desktop Protocol (RDP) compromise, and through the exploitation of a critical Windows (SMB) vulnerability. Once a machine is infected, it tries to further spread the ransomware via file sharing using SMB file sharing that is not password protected.

On Friday, May 12th, Microsoft released additional patches that everyone should apply to their Windows systems as soon as possible. 

NOTE: The Office of Information Technology has deployed critical Microsoft patches for all Windows operating systems in accordance with Microsoft’s recommendation. As a user of a Microsoft Windows computer system, you may be prompted to restart your computer to ensure the critical patches are installed on your computer. We asked for your cooperation in ensuring all Windows computers are properly updated with the critical patches so they are protected from this ransomware attack. We have received no reports of any instances of this ransomware on campus.

General recommended steps you can take now include:

  • Make sure your Windows operating systems are updated and current as of the latest patch released May 12th, 2017.
  • Make sure you have anti-virus (AV) and/or anti-malware software running and scanning your machine and that it is updated to the latest AV definitions.
  • Make sure all your (SMB) network shares are password protected.  Consider disabling them during this outbreak.
  • Don't open e-mail attachments if you are not expecting them or are unsure of the sender. 
  • Consider disabling MS Office macros in files transmitted via e-mail.
  • Consider using Office Viewer or some other previewing software to view MS Office attachments sent via e-mail, rather than using the full Office Suite.
  • Make sure you backup your data often using CrashPlan Pro Desktop backup service offered by OIT, so you can recover from any loss, including loss of your data from ransomware attacks.
  • Review your Computer Patch Indicator status within the UTSA InSight application (insight.utsa.edu)

 

Please contact the Office of Information Technology at oitconnect@utsa.edu if you have any questions.

Activate

05/16/2017

Deactivate

05/23/2017