We’ve seen many reports about the WannaCry ransomware attack that has been hitting computers worldwide. Although a researcher was fortunate enough to accidentally stop the initial wave of attacks, recent reports indicate that the attackers will be launching a new round of attacks. Researchers suspect that initial infections may have occurred through phishing attacks. The WannaCry ransomware itself is promulgating as a worm through networks worldwide. Worms prey on vulnerabilities in unpatched computers. NO USER INTERACTION needs to occur to be infected.
Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid in order to decrypt the contents. Ransomware may spread through infected attachments, malicious links, worms, and other vectors.
What you should do
- Back up your information before you’re attacked. (Back up your home computers as well!)
- Ensure that your computer is up to date with patches. Unpatched Microsoft systems are vulnerable to the WannaCry ransomware variant.
- If you administer your computer ensure that anti-virus/anti-malware is up to date and functioning.
- Use a strong password and don’t share it.
- If you receive an email with an unexpected attachment or link, verify with the sender BEFORE opening the attachment or clicking on the link. Your colleague’s account may be compromised. The malicious email may come from them.
- Please submit suspected phishing/spam to ITS by creating a new mail note to email@example.com and attaching the suspicious email. Then delete the suspicious email and/or attachment.
- If you have clicked on a suspicious link or opened a suspicious attachment, change your password and contact your Service Desk immediately.
What RIT is doing
- Distributing a patch for ITS-managed computers. (Unpatched Microsoft systems are vulnerable to the WannaCry ransomware variant.)
- Distributing updated virus definitions (DATs)
- Monitoring the attacks and adjusting defenses to meet them
For more information
- How to tell if you're at risk from the WannaCry ransomware and what to do if you have been attacked, http://www.cnbc.com/2017/05/15/ransomware-wanncry-virus-what-to-do-to-pr...
- RIT Information Security Ransomware Page, https://www.rit.edu/security/content/ransomware-0
- RIT Information Security Back Up Page, http://www.rit.edu/security/content/backing-your-data
- Microsoft Security Bulletin MS17-010 – Critical https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Customer Guidance for WannaCrypt attacks, https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-fo...
- SANS ISC Infosec Forums https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/
If you have questions, please contact us or your service desk.
Quick Infosec Tip: Backups are critical. At some point your computer will crash.
Reminder: The RIT Information Security Policies and Standards are designated to help keep RIT and the RIT community safe from cybersecurity threats.