Geoff and I were just discussing this.  We want to be certain that people understand that while a Windows 10 PC cannot be infected by WannaCry, it can lose access to shared drives that get encrypted by a different PC that does become infected.


- Frank


On 5/15/17, 12:21, "[log in to unmask] on behalf of Geoffrey Duke" <[log in to unmask] on behalf of [log in to unmask]> wrote:


A couple of quick follow-up points:


Windows 10 PCs are not affected by this attack.


Microsoft’s antimalware definitions were updated to detect and block this threat as of the update. These definitions are used by:



                                        Operating System          Management state*
Windows Defender Antivirus (built-in)   Windows 10, Windows 8.1   Managed and unmanaged
System Center Endpoint protection       Windows 7
Microsoft Security Essentials           Windows 7

*UVM-owned Windows computers that are joined to the CAMPUS domain are managed, in that the antimalware definitions are pushed to them through a central management service.


Managed systems should have received this update in March, and as part of subsequent month’s cumulative security roll-up.


For the curious, the Microsoft Malware Protection Center blog has a detailed, yet readable, technical post describing this threat:




Geoffrey Duke

802.656.1172 | Sr Systems Administrator | Enterprise Technology Services | University of Vermont






From: Technology Discussion at UVM [mailto:[log in to unmask]] On Behalf Of Mark Ackerly
Sent: Monday, May 15, 2017 10:21 AM
To: [log in to unmask]
Subject: WannaCry Ransomeware


To All,

As most of you have likely already seen on the news, there is a nasty ransomware making the rounds and impacting hundreds of organizations worldwide.  Currently WannaCry is credited with impacting over 200,000 machines in over 150 countries.  Below are a couple of highlights which are critical to understanding the threat it poses to the University.


What to Know:

· The initial infection vector is still being investigated but is believed to be by a compromised RDP session and/or a phishing email.

· The Ransomware will spread within a network through a Microsoft SMB Vulnerability which was patched in March 2017 (MS17-010).

    o This is of particular risk to unmanaged machines that may not be up to date on patches.

· The Ransomware will encrypt networked files the user has access to.


What to Do:

· Ensure endpoints and servers are fully patched.

· Ensure that important data is properly backed up.

· If a machine is infected, immediately remove it from the network and contact the Information Security Office ([log in to unmask] or 802-656-2123).


An infected machine will display the following message and contain a file named !Please Read Me!.txt.







Mark Ackerly, CISM | Information Security Officer

The University of Vermont

P: 802-656-1174 | [log in to unmask]