

Geoff and I were just discussing this.  We want to be certain that people understand that while a Windows 10 PC cannot be infected by WannaCry, it can lose access to shared drives that get encrypted by a different PC that does become infected.

 

- Frank

 

On 5/15/17, 12:21, "[log in to unmask] on behalf of Geoffrey Duke" <[log in to unmask] on behalf of [log in to unmask]> wrote:

 

A couple of quick follow-up points:

 

Windows 10 PCs are not affected by this attack.

 

Microsoft’s antimalware definitions were updated to detect and block this threat as of the 1.243.297.0 update. These definitions are used by:

 

Tool                                  | Operating System        | Management state*
Windows Defender Antivirus (built-in) | Windows 10, Windows 8.1 | Managed and unmanaged
System Center Endpoint Protection     | Windows 7               | Managed
Microsoft Security Essentials         | Windows 7               | Unmanaged

 

*UVM-owned Windows computers that are joined to the CAMPUS domain are managed, in that the antimalware definitions are pushed to them through a central management service.

 

Managed systems should have received this update in March, and as part of subsequent months' cumulative security roll-up.

 

For the curious, the Microsoft Malware Protection Center blog has a detailed, yet readable, technical post describing this threat:

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

 

—Geoff

 

Geoffrey Duke

802.656.1172 | Sr Systems Administrator | Enterprise Technology Services | University of Vermont

 

 

 

 

 

From: Technology Discussion at UVM [mailto:[log in to unmask]] On Behalf Of Mark Ackerly
Sent: Monday, May 15, 2017 10:21 AM
To: [log in to unmask]
Subject: WannaCry Ransomware

 

To All,

As most of you have likely already seen on the news, there is a nasty ransomware making the rounds and impacting hundreds of organizations worldwide.  Currently WannaCry is credited with impacting over 200,000 machines in over 150 countries.  Below are a couple of highlights which are critical to understanding the threat it poses to the University.

 

What to Know:

- The initial infection vector is still being investigated but is believed to be by a compromised RDP session and/or a phishing email.
- The ransomware will spread within a network through a Microsoft SMB vulnerability which was patched in March 2017 (MS17-010).
  - This is of particular risk to unmanaged machines that may not be up to date on patches.
- The ransomware will encrypt networked files the user has access to.

 

What to Do:

- Ensure endpoints and servers are fully patched.
- Ensure that important data is properly backed up.
- If a machine is infected, immediately remove it from the network and contact the Information Security Office ([log in to unmask] or 802-656-2123).

 

An infected machine will display the following message and contain a file named !Please Read Me!.txt.

 


Source: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

 


 

 

Mark Ackerly, CISM | Information Security Officer

The University of Vermont

P: 802-656-1174 | [log in to unmask]
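
Added example, not part of the e-mails above: a sweep of a mounted file share for the ransom-note file name given in the advisory, which covers the case raised at the top of the thread where a patched PC loses shared files encrypted by another machine. The function names, the sample directory tree, and the use of the note's modification time as an estimate of when encryption reached a folder are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# File name taken from the advisory; Windows/SMB names are case-insensitive.
NOTE_NAME = "!Please Read Me!.txt".casefold()


def find_ransom_notes(root):
    """Walk `root`; return ([(directory, note mtime in UTC)], [unreadable paths])."""
    hits, unreadable = [], []

    def on_error(err):
        # Record directories that could not be listed instead of skipping silently.
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            if name.casefold() != NOTE_NAME:
                continue
            full = os.path.join(dirpath, name)
            try:
                mtime = os.stat(full).st_mtime
            except OSError:
                unreadable.append(full)
                continue
            hits.append((dirpath, datetime.fromtimestamp(mtime, timezone.utc)))
    hits.sort(key=lambda h: h[1])  # oldest note first
    return hits, unreadable


def summarize(hits):
    # Assumption: the note's mtime was not altered, so the earliest one
    # bounds how far back a restore from backup has to reach.
    if not hits:
        return None
    return {"directories": len(hits), "earliest": hits[0][1], "latest": hits[-1][1]}


if __name__ == "__main__":
    # Constructed sample tree standing in for a mounted share.
    with tempfile.TemporaryDirectory() as share:
        for sub, fname in [("finance", "!Please Read Me!.txt"),
                           ("hr", "!PLEASE READ ME!.TXT"),
                           ("clean", "notes.txt")]:
            os.makedirs(os.path.join(share, sub))
            open(os.path.join(share, sub, fname), "w").close()
        hits, unreadable = find_ransom_notes(share)
        for directory, when in hits:
            print(when.isoformat(), directory)
        print(summarize(hits), "unreadable:", unreadable)
```

Run it read-only against the share from a machine that is already patched, and treat any path in the unreadable list as unchecked rather than clean.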