RESOLVED: "Wannacry" ransomware attack

Information Technology Services (ITS), in collaboration with the Information Security Office (ISO), are working to improve the campus's security posture in response to the "Wannacry" ransomware attack. What is it? "Wannacry" is a ransomware program targeting the Microsoft Windows operating system. On 5/12, a large cyber-attack was launched using it, infecting more than 230,000 computers in 150 countries, demanding ransom payments. [1] How is it spread? The attack spreads by phishing emails, but also can directly infect any exposed systems throughout a network which have not installed recent security updates. Systems still running exposed older, unsupported operating systems were initially at particular risk, such as Windows XP and Windows Server 2003, but Microsoft has now taken the unusual step of releasing updates for these. [1] What is being done to protect campus? Remediation efforts began over the weekend as vulnerable systems were identified and technical contacts were notified. Work to secure these systems continues this morning and monitoring tools are being leveraged to identify any new threats. The ITS email team has also been engaged in an effort to update the campus email defenses to specifically protect against this attack. What should I do? • If you think you have been targeted, please notify your departmental technical support or the ITS Service Deskimmediately. • If you use Windows, please ensure you have this patched installed. Contact your departmental technical support or the ITS Service Desk for assistance. • Update your antivirus software. • Make sure any local data is backed-up to a secure location (e.g., UT Backup, UT Box). Further updates will be follow as more information becomes available. [1] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

Latest Update: 2019-01-12 04:02:22 - The campus' response to the Wannacry threat has largely been addressed without incident and many are to thank for this cooperative campus-wide effort. Some units are still in the process of remediating systems, but all vulnerable systems have been isolated so as not to present a threat to the campus network. Units are strongly encouraged to stay vigilant and to evaluate systems returning to campus in the Fall that might also be vulnerable. The Information Security Office will continue to identify systems posing a threat to campus and will work with local IT Support Staff to remediate accordingly.