Computer Security Advisory: ‘WannaCry’ Ransomware


Computer Security Advisory for All University Faculty & Staff E-mail Recipients

Starting last Friday (5/13/2017), computer security researchers and news media began sharing information about a new computer security attack called ‘WannaCry’. This attack is another variation of malicious software referred to as ‘ransomware’. When a computer becomes infected with ransomware, the malicious code attempts to encrypt (scramble and password-protect) as many data files as it can find. This affects not only the local computer but also any attached drives and network shares to which your user account has write access. The tactic is called ransomware because the only way to regain access to the encrypted files is to pay a fee – a ransom often starting at $300 – to the criminals. If the victim does not pay, the only other recovery method is to restore the files from a secure backup location.

There have been no major outbreaks reported on the University campus network nor detected by campus network security services. We attribute this in part to faculty and staff cooperation with regular computer software updates, increased information security awareness, and not being heavily targeted (yet) by computer criminals.

If you are responsible for software updates, whether on your personally-owned computer, a University-owned computer or a group of your department’s computers, we ask that you take a moment to review the following guidance.

How can you minimize risk to University- and personally-owned computers?

We trust that the following guidance will sound familiar: the best defense is to already be following computer security best practices.

  • Is Your Software Updated and Supported? – Be sure all of your computers – whether located on-campus or off-campus – are running the latest supported operating system, security and application software appropriate for your academic or business unit. This is not simply so we can say we run the ‘latest-and-greatest’. Rather, software authors focus their efforts on their latest products, so those products include the latest security features as well as fixes for known security bugs. For a PC: we strongly suggest Microsoft Windows 10 ver 1607 and later and Symantec Endpoint Protection v. 14. Windows XP, Windows Vista and Windows 8.0 are no longer supported. For a Mac: you should be at Mac OS 10.12.x and Symantec Endpoint Protection for Mac v. 14. Mac OS prior to 10.10 (Yosemite) is no longer supported. Marshall University Information Technology provides the above recommendations. Please consult with your campus IT Support team for configurations supported by the MU School of Medicine and Marshall Health.
  • Are You Patched? – Be sure all of your computers – whether located on-campus or off-campus – are configured to automatically receive and apply security updates when they are released. For a PC: use Windows Update and make sure both Critical and Important Updates are applied. For a Mac: go to your Apple menu, click ‘About this Mac…’ and then ‘Software Updates’, or open the App Store and click on the ‘Updates’ icon.
  • Is Your Important University and Personal Data Backed-up? – Take steps now to have a backup copy of important documents and data. Items which are essential to University or Department operations should be saved to a secure location (such as a campus-managed fileserver) which has a regularly scheduled backup. For personal items, we highly recommend an external hard drive or high-capacity thumb-drive which can be attached for backup and then promptly disconnected. Remember, ransomware will attempt to encrypt any and all data files to which you have write access. Recovery is limited to those items which were inaccessible by the user (campus-managed backups) or were offline (disconnected hard drive or thumb-drive) at the point of infection.
  • Are You Being Cautious with E-mail and Websites? – Always be suspicious of unsolicited e-mail and unfamiliar web sites, particularly those which urge you to ‘open this attached file’ or ‘click this web page link’ for some urgent action. Many of us work in areas where we do receive unsolicited documents; in those cases, ask a trusted colleague or an IT support resource for a second opinion before opening the message. A mobile device may be used in cases where you want to preview the file, but understand that the malicious payload may only be designed to affect a desktop or laptop computer. This allows you to delete the file or entire message before ever attempting to preview/open it on the computer.
  • Report Suspicious Computer Behavior, Alerts, or E-mail Messages – We understand that it is difficult for everyone to stay up-to-date on an ongoing stream of important computer security issues and to know how they should respond. You can assist by reporting unexpected or suspicious computer activity to your closest campus Information Technology Support or IT Information Security professional. Please reach out to one of the following IT Service Desk or IT Service Provider contacts: