The Office of Technology Services (OTS) is aware of a new malicious software program named “WannaCry” that has recently made news through large-scale infections in at least 99 different countries, crippling computers worldwide.
What is WannaCry?
WannaCry is a type of malicious software known as ransomware, and in this particular case, exploits a flaw in Microsoft Window’s operating system. An attachment is most often downloaded as part of a phishing email scam, and then the recipient is tricked into running it. Once run on the computer, it encrypts files on the infected computer and network share drives, and the user is then required to pay a ransom fee to recover the files. One reason this malicious software has spread so aggressively is because it attempts to infect other computers on the network that do not have the latest security updates and are not protected against WannaCry.
Is TU affected?
OTS is not aware of any WannaCry-specific attacks to TU computers at this time, but urges the campus to take steps to protect personal computers that are used to remotely connect to the University and it’s data.
What you can do to protect yourself and the University
- If your personal Windows computer has not been updated, you should apply patches immediately to protect yourself.
- OTS recommends that all users install virus protection and the corresponding updates. Having the latest update (based on virus definitions) helps ensure that the software can detect the latest viruses.
- Do not reply to unsolicited emails or emails from unverifiable sources.
- Avoid clicking on or downloading unknown email attachments, as these may lead to sites that contain harmful software or any new variations of the WannaCry malware.
How to protect your personal Windows Computer
Microsoft released an update to address this particular vulnerability on March 14, 2017, but if your Windows computer has not installed that update, then it is vulnerable. To update your personal Windows computer:
- Install the update by running Windows Updates on your Windows device and choosing “Recommended Updates.” The specific update that needs to be installed is “MS17-010 – Critical.”
- Microsoft has also taken the extraordinary step to provide an update for older, unsupported operating systems. This means that even if you use Microsoft Windows XP or other legacy Windows installations, there is now a patch available: see Microsoft’s Customer Guidance for WannaCrypt Attacks.
Please contact the Office of Technology Services at 410-704-5151 if you have any questions regarding this announcement.