UIT Alert: WannaCry ransomware alert - UPDATE

    Current Status

    ResolvedSecurity authorized Post: WannaCry ransomware to be removed.

    Affected Services

    No services are affected by this event.

    Event Updates

    IssueWannaCry ransomware alert - UPDATE
    May 13, 2017 , 11:06 AM

    Subject: WannaCry Ransomware Alert

    Updated Information: Saturday, 5/13/2017 - 10:35 am

    RISK ISSUE:

    A new version of ransomware known as WannaCry (also known as WCry, WanaCrypt and WanaCrypt0r) is spreading rapidly through some enterprise environments in Europe and now in the USA.  The danger in this particular strain of ransomware is that it has the ability to spread through a network among Windows computers.

    Computers missing a Windows patch released in March 2017 (MS17-010) can be easily infected. 

    CURRENT STATUS: This particular WannaCry ransomware outbreak seems to have been contained globally and we have not detected any impact to UH.  From our information, it appears the outbreak was terminated early due to a relatively simple oversight by the attackers and the mistake likely won’t be repeated again if a new attack is launched.

    CURRENT RISK: Until Windows systems receive the March 2017 (MS17-010) update they are still vulnerable and present a risk to the university.

    ACTIONS TO BE TAKEN:

     

    1. Immediately verify that ALL Windows Systems are updated with MS17-010.  Microsoft has just released an emergency security patch update  for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions. http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598.  If you still have ANY systems running these operating systems, including on enterprise IPs, update them immediately.
    2. Verify you have valid backups for your critical data.

     

    SUMMARY:

    We are still vulnerable to new variants of ransomware so keep your AV up to date, check your share permissions to make sure only authorized user have access, and most importantly make sure you have a backup procedure for important data. 

     

    Make sure your Windows systems are patched.  While this outbreak appears to be contained, given its initial effectiveness it seems likely someone will try again using this exploit.

     

    We are continuing to monitor the situation and will provide updates as more information becomes available.  Contact UIT Security at security@uh.edu if you have any questions.

     

    ResolvedSecurity authorized Post: WannaCry ransomware to be removed.
    June 2, 2017 , 8:00 AM
    Alert removed at the direction of Security.