Geoff and I were just discussing this.  We want to be certain that people understand that while a Windows 10 PC cannot be infected by WannaCry, it can lose access to shared drives that get encrypted by a different PC that does become infected.

- Frank

On 5/15/17, 12:21, "[log in to unmask] on behalf of Geoffrey Duke" <[log in to unmask] on behalf of [log in to unmask]> wrote:

A couple of quick follow-up points:

Windows 10 PCs are not affected by this attack.

Microsoft’s antimalware definitions were updated to detect and block this threat as of the 1.243.297.0 update. These definitions are used by:

Tool                                   | Operating System        | Management state*
---------------------------------------|-------------------------|----------------------
Windows Defender Antivirus (built-in)  | Windows 10, Windows 8.1 | Managed and unmanaged
System Center Endpoint protection      | Windows 7               | Managed
Microsoft Security Essentials          | Windows 7               | Unmanaged


*UVM-owned Windows computers that are joined to the CAMPUS domain are managed, in that the antimalware definitions are pushed to them through a central management service.

Managed systems should have received this update in March, and as part of subsequent months' cumulative security roll-ups.

For the curious, the Microsoft Malware Protection Center blog has a detailed, yet readable, technical post describing this threat:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

—Geoff

Geoffrey Duke
802.656.1172 | Sr Systems Administrator<http://www.uvm.edu/~gcd> | Enterprise Technology Services<http://www.uvm.edu/it> | University of Vermont<http://www.uvm.edu/>





From: Technology Discussion at UVM [mailto:[log in to unmask]] On Behalf Of Mark Ackerly
Sent: Monday, May 15, 2017 10:21 AM
To: [log in to unmask]
Subject: WannaCry Ransomware

To All,
As most of you have likely already seen on the news, there is a nasty ransomware making the rounds and impacting hundreds of organizations worldwide.  Currently WannaCry is credited with impacting over 200,000 machines in over 150 countries.  Below are a couple of highlights which are critical to understanding the threat it poses to the University.

What to Know:

- The initial infection vector is still being investigated but is believed to be by a compromised RDP session and/or a Phishing email.
- The Ransomware will spread within a network through a Microsoft SMB Vulnerability which was patched in March 2017 (MS17-010).
  - This is of particular risk to unmanaged machines that may not be up to date on patches.
- The Ransomware will encrypt networked files the user has access to.

What to Do:

- Ensure endpoints and servers are fully patched.
- Ensure that important data is properly backed up.
- If a machine is infected, immediately remove it from the network and contact the Information Security Office ([log in to unmask] or 802-656-2123).


An infected machine will display the following message and contain a file named !Please Read Me!.txt.

[Two embedded screenshots]
Source: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware


Mark Ackerly, CISM | Information Security Officer
The University of Vermont
P: 802-656-1174 | [log in to unmask]
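
The two checkable values in this thread are the definition version from Geoff's message (1.243.297.0) and the ransom note file name from Mark's message. The following PowerShell is an added example, not part of the original emails or any UVM tooling. The function names and the default search root are assumptions.

```powershell
# Added example, not from the original thread. The version threshold and the
# note file name are quoted from the emails; everything else is assumed.
param(
    # Folders or mapped share roots to search (assumed default: the user's profile).
    [string[]]$SearchRoot = @($env:USERPROFILE)
)

$MinDefinition = [version]'1.243.297.0'
$NoteName      = '!Please Read Me!.txt'

function Test-DefinitionVersion {
    param([Parameter(Mandatory)][string]$Installed)
    # Cast to [version] so each field compares numerically; as plain strings
    # '1.243.1000.0' would sort below '1.243.297.0'.
    return ([version]$Installed -ge $MinDefinition)
}

function Find-RansomNote {
    param([Parameter(Mandatory)][string[]]$Root)
    Get-ChildItem -LiteralPath $Root -Filter $NoteName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FullName
                Created = $_.CreationTime
                # On a shared drive the owner is normally the account that wrote the
                # note, which points at the infected PC's user, not at this machine.
                Owner   = (Get-Acl -LiteralPath $_.FullName).Owner
            }
        }
}

# 1. Definition check. The Defender cmdlets exist on Windows 8.1 and 10; on
#    Windows 7 with SCEP or MSE, read the version from that product instead.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $sig = (Get-MpComputerStatus).AntivirusSignatureVersion
    if (Test-DefinitionVersion -Installed $sig) {
        Write-Output "Definitions $sig are at or above $MinDefinition."
    } else {
        Write-Warning "Definitions $sig are older than $MinDefinition. Update them."
    }
} else {
    Write-Output 'Get-MpComputerStatus not available; check the definition version manually.'
}

# 2. Indicator check across the chosen roots, including mapped shares.
$notes = @(Find-RansomNote -Root $SearchRoot)
if ($notes.Count -gt 0) {
    Write-Warning 'Ransom note found. Disconnect the machine and contact the Information Security Office.'
    $notes | Format-Table -AutoSize
} else {
    Write-Output "No '$NoteName' found under: $($SearchRoot -join ', ')"
}
```

A hit on a mapped share from a Windows 10 PC matches Frank's point: the files were encrypted by another machine, and the Owner column is where to start looking for it.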