Campus Response to "WannaCry" Ransomware Attack-Computing Services ISO - Carnegie Mellon University

Tuesday, May 16, 2017

Campus Response to "WannaCry" Ransomware Attack

Dear Members of the Carnegie Mellon Community,

As you may have learned over the weekend, there is a world-wide ransomware attack known as “WannaCry” hitting the Internet.  More on ransomware below.  It has affected hundreds of thousands of computers in over 150 countries but you don’t have to be a victim.

No campus infections have been detected to date thanks to pre-existing network blocks, recent patching activity, on-going vulnerability scanning, and your due diligence especially related to identifying and reporting email scams.

You can greatly reduce your chances of being infected with any type of malware including ransomware by following the usual security best practices.

  • Stay up to date with software patches and don’t delay restarting your computer after patches have been applied.
  • Verify the authenticity of links and unexpected attachments in email before clicking.
  • Use a separate non-administrator account for day-to-day use.  Malware generally can do more damage and spread faster with administrator privileges.
  • Run anti-virus software with current malware signatures.
  • Have recoverable backups of your files and store them in a safe, off-line location.

Ransomware is malicious software that is usually delivered via an email attachment, through a link directing you to download a shared document, or by visiting an infected website.  Recipients are tricked into running the malware which encrypts the files stored on their computer and any other networked storage like mapped drives.  Unless there is a restorable backup copy, the recipient’s only option to recover their files may be to pay the ransom.      

In the case of “WannaCry”, one infected computer can infect other vulnerable, unpatched computers on the same network without further user interaction.  This is one reason why “WannaCry” has spread so quickly.

Computing Services, the Information Security Office, and your local support providers are hard at work identifying vulnerable computers and patching them.  We are also adding network blocks and checking for signs of campus infections.  

If you receive suspicious email or suspect ransomware or other malware may be infecting your computer, continue to report as soon as possible to iso-ir@andrew.cmu.edu.  The sooner we know, the sooner we can mitigate the impact to you and to the community.

For more security safeguards, information about ransomware, as well as procedures for responding to suspected compromise, please visit the ISO’s website.

As always, we appreciate your timely reports, suggestions for improvement, and continued support. 

Sincerely,

Mary Ann Blair

Chief Information Security Officer

Information Security Office

Computing Services

Carnegie Mellon University

https://www.cmu.edu/iso

Phone: 412-268-8556

ISO Hotline: 412-268-2044