WannaCry Ransomware Cyber Attack

 

Ransomware is malware (malicious code) that renders a user’s electronic device inoperable by encrypting data on the user’s hard drive and any attached storage (e.g. iCloud, OneDrive, share drive, thumb drive, USB drive) and then demands that the user pay a ransom in order to regain access to his or her data.

On May 12, 2017, cyber criminals launched a worldwide ransomware cyber attack known as WannaCry. It targeted supported Microsoft Windows operating systems such as Windows 7, Windows 8 and Windows 10, as well as non-supported Windows-based operating systems such as Windows XP and Vista. Prior to WannaCry, ransomware attacks were triggered through social engineering: a person clicked on a link within an email, causing the data on their hard drive and attached storage (e.g. iCloud, OneDrive, share drive, thumb drive, USB drive) to become encrypted. What makes WannaCry an even greater threat than earlier ransomware is that it doesn’t require a person to do anything. WannaCry takes advantage of a Microsoft Server Message Block (SMB) vulnerability for which Microsoft had previously issued a patch. Microsoft has categorized the vulnerability at a severe alert level. Cyber criminals are exploiting the vulnerability by using a hacking tool that searches for online Windows devices that haven’t been patched. Once an unpatched Windows device is located, the WannaCry ransomware encrypts its data, which prevents the user from accessing it.

What are aliases for WannaCry?

Other names for the WannaCry ransomware include WCry, WanaCrypt, WanaCryptor, and Wana Decryptor.

How do you know if you're a ransomware victim?

You will see either the image below or one similar to it notifying you that your data has been encrypted and that you have to pay a ransom to regain access to your data.


Image courtesy of Symantec.com

What do you do if you're a ransomware victim?

Call Aggie Tech Support immediately at 336-334-7195.  Even though you might not be able to use your device, go to another device and send an email immediately to Aggie Tech Support (helpdesk@ncat.edu) or IT Security Services (itsecure@ncat.edu).  DO NOT PAY THE RANSOM!!

 

What has Information Technology Services (ITS) done to address the issue?

ITS has taken preventative measures to protect the university infrastructure and devices.  ITS has also communicated the threat to our campus community.

 

What can you do to help protect yourself from ransomware?

  • Make sure that your Windows devices ALWAYS have the latest Microsoft patches installed, which include a fix for the SMB vulnerability. This includes laptops and other Windows-based devices that you have or use remotely (e.g. at home).  Microsoft also has a patch for non-supported Microsoft Windows operating systems such as Windows XP and Vista.  ITS highly discourages the use of non-supported operating systems.

 

  • Routinely keep a backup copy of your data.  Consider having at least two backups in the event one of your backups is rendered unusable.

 

  • Connect to external storage (e.g. iCloud, OneDrive, share drive, thumb drive, USB drive) only when needed.

 

Ransomware incidents are on the rise.  Remember the Triple A's (ASK, AVOID, and ALERT) in order to detect and prevent ransomware: http://www.ncat.edu/divisions/its/cybersecurity/Phishing%20and%20Ransomware%20-%20Detection%20and%20Prevention.html

References

https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

http://thehackernews.com/2017/05/wannacry-ransomware-unlock.html