May 16, 2017 update:
Additional resource: Wana Decrypt0r (Wanacry Ransomware) - Computerphile (YouTube video summary and explanation, 15 minutes)
May 15, 2017 update:
What You Can Do
- Update Windows! Microsoft has taken the unusual step of providing updates to versions of Windows (such as XP) that are no longer supported. If you have personal machines running outdated software, take advantage of these updates and apply them ASAP. See Microsoft's Guidance for WannaCrypt Attacks.
- Remove machines with vulnerable software from U-M networks. Devices running out-of-date, unsupported software should NOT be connected to U-M networks or systems. There are situations where use of unsupported software is required for legitimate business purposes. In these situations, alternative mitigations, such as restricting network access, can be used.
Updated News Reports
Impact in U.S. lessened by disabling of the original malware. There are reports that a British researcher helped "to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” — a way of disabling the malware" (The New York Times). There are additional reports of new variants of the malware with different kill switches and some with none at all.
- Cyberattack Is Blunted as Governments, Companies Gain Upper Hand (Bloomberg, 5/15/17)
- WannaCry ransomware cyber-attacks slow but fears remain (BBC News, 5/15/17)
- Factbox: Don't click - What is the 'ransomware' WannaCry worm? (Reuters, 5/13/17)
- How One Simple Trick Just Put Out That Huge Ransomware Fire (Forbes, 5/13/17)
- How to Accidentally Stop a Global Cyber Attack (MalwareTech, 5/13/17)
- Two days after WCry worm, Microsoft decries exploit stockpiling by governments (ArsTechnica, 5/15/17)
- WannaCry Kill-Switch(ed)? It's Not Over! WannaCry 2.0 Ransomware Arrives (The Hacker News, 5/13/17)
- WCry/WanaCry Ransomware Technical Analysis (EndGame, 5/14/17)
Sent Via Email to U-M IT Staff Groups May 12, 2017
You are no doubt seeing reports and articles about a global ransomware attack that is affecting hospitals in the United Kingdom, as well as other organizations around the world. There are no reports of large-scale infections in the U.S. Your co-workers may be asking you if this is likely to have any effect here at the university.
Information Assurance (IA) is monitoring the situation. In general, though, if people keep their devices updated as recommended on Safe Computing (see Secure Your Devices), systems should be protected.
Updates and Anti-Virus Offer Protection Against this Attack
The malware that appears to be behind the attack (called WannaCry or WannaCryptor) exploits a vulnerability in Microsoft Windows (MS17-010) for which Microsoft released patches in March.
Action Item: Make sure your systems were updated!
Updates were distributed to MiWorkspace machines in March. As long as people have set their own Windows operating system to install updates automatically, their computers are not vulnerable to this particular attack.
Safe Computing Is the Best Protection
Malicious email attachments and links to malicious websites are also being used to spread the ransomware. Learn how to protect yourself from ransomware at Ransomware: Don't Pay the Ransom!
In general, the best protection for your devices is this:
- Keep your software and apps up-to-date.
- Do not click suspicious links in email.
- Do not open shared documents or email attachments unless you are expecting them and trust the person who sent them.
- Use secure, trusted networks.
News Reports
- U.K. Hospitals Hit in Widespread Ransomware Attack (Krebs on Security, 5/12/17)
- WannaCry Ransomware Hits Systems Worldwide (Graham Cluley, 5/12/17)
- Hackers Hit Dozens of Countries With a Stolen N.S.A. Tool (The New York Times, 5/12/17)
- Factbox: Don't click - What is the 'ransomware' WannaCry worm? (Reuters, 5/12/17)
- An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak (Forbes, 5/12/17)
- Microsoft Security Bulletin MS17-010 (Microsoft, 3/14/17)