Update on the Wanna Cry Ransomware Attack
As you might be aware from different news outlets, over the last three days IT professionals have been fighting a ransomware attack known as Wanna Cry. Ransomware is a type of virus that infects computers and then either prevents the user from accessing the operating system or encrypts all the data stored on the computer. To free the computer from the virus, the user is asked to make a payment to receive a decryption key.
Once a computer is infected, Wanna Cry encrypts all the data on a user’s computer and asks the user to send $300 U.S. in bitcoin to receive the decryption key. Bitcoin is an untraceable online currency that utilizes blockchain. You can find out more about bitcoin at https://en.wikipedia.org/wiki/Bitcoin. If the user does not pay the ransom within three days of being infected, the ransom doubles, and after seven days Wanna Cry will erase all data on a user’s computer.
IT cannot decrypt a machine that has been infected with Wanna Cry.
Who is vulnerable?
Wanna Cry exploits a vulnerability in the Windows Operating System and affects all users running Windows XP, Vista, Windows 8 & 8.1, Windows 7, and Windows 10. Windows Server operating systems are also affected.
What can I do to prevent an infection?
You can immunize your machine against the Wanna Cry ransomware by ensuring that the updates on your Windows machine are up to date. Microsoft released a patch for this vulnerability in March of this year.
For all managed machines on campus, i.e., ones with a Novell Login, we have been pushing out the update over our network. This process is automated and will prompt you to install the update once it is received by your machine. See the image associated with this post.
We ask that you install the update immediately. Should you choose not to install the update immediately, it will be automatically installed for you at 3 am, provided you leave your machine on and connected to our network.
It is important for all users of managed machines to leave their machines on and to keep them connected to our network.
For users with unmanaged machines, run your Windows update immediately to immunize your system. Should you wish to learn more about the patch that is available for this vulnerability or you wish to install the patch separately from Windows Update, you can visit the following link:
What Can I do if I Get Infected?
For managed users, while IT cannot retrieve data that is stored locally on your machine, we can re-image your machine and help you reconnect to your data on the H:\ and S:\ drives. Additionally, be assured that you have not lost your e-mail, calendars, or contacts in Outlook, as they are safely stored in our Office 365 cloud. We ask that users do not pay the ransom. There are no guarantees that you will receive the decryption key. Additionally, you would be engaging in behaviour that would encourage “ransomware” to continue as a money-making scheme.
How Big is the Problem at Trent?
We have gotten ahead of this problem in many respects and have had no reported cases. Our Windows Servers are patched and up to date and many of our user machines are already patched.
What Else Can I do to stay safe?
- Be wary of visiting unsafe or unreliable sites.
- Never click on a link that you do not trust.
- Do not open files received from unknown senders, no matter how legitimate they sound.
- Back up your files regularly to our H:\ and S:\ drives.
- Use anti-virus software.
- Ensure that your Windows Updates are always up to date.
Associate Vice President, IT
P.S. Missed a Tech Bulletin? Please go to http://www.trentu.ca/tech-bulletins/ to review the Tech Bulletin archives.
Posted on May 16, 2017