Cybersecurity firms are warning of an additional attack that targets the same vulnerabilities targeted by the WannaCry ransomware. Unlike WannaCry, this is not a ransomware attack. Instead the attackers take control of your computer and use it to mine virtual currency (cryptocurrency).
The issue for you is that even though the attackers haven’t yet encrypted your files and demanded a ransom, they’re still able to do that at any time, and they also have access to all files stored on your computer. You MAY notice a slowdown in how fast your computer runs or be unable to access specific resources.
This attack is spreading through an internet worm. Internet worms do not require user interaction. They WILL infect computers that are not patched for the specific vulnerability they’re attacking.
What you should do
- Ensure that your computer is up to date with patches. Unpatched Microsoft systems are vulnerable to these Wannacry ransomware variants.
- Ensure that you’re backing up your information before you’re attacked. Contact your Service Desk if you need more information.
- Use a strong password and don’t share it.
- If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.
- Please submit suspected phishing/spam to ITS by creating a new mail note to firstname.lastname@example.org and attaching the suspicious email. Then delete the suspicious email and/or attachment.
- If you administer your computer ensure that anti-virus/anti-malware is up to date and functioning.
- If you have clicked on a suspicious link or opened a suspicious attachment, change your password and contact your Service Desk immediately.
What RIT is doing
- Distributing a patch for ITS-managed computers. (Unpatched Microsoft systems are vulnerable to these Wannacry malware variants.)
- Distributing updated virus definitions (DATs)
- Monitoring the attacks and adjusting defenses to meet them
For more information
- Another large-scale cyberattack underway: experts, https://www.yahoo.com/tech/another-large-scale-cyberattack-underway-expe...
- Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue/DoublePulsar, https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrenc...
- “Cryptocurrency,” https://en.wikipedia.org/wiki/Cryptocurrency
- RIT Information Security Ransomware Page, https://www.rit.edu/security/content/ransomware-0
If you have any questions, please contact us or your service desk.
Quick Infosec Tip: It's too late to protect yourself from ransomware after you're attacked. Back up your data today.
Reminder: The RIT Information Security Policies and Standards are designated to help keep RIT and the RIT community safe from cybersecurity threats.