May 15

Alert- New malicious software infecting Windows computers

Hello friends- Alert from SAS Computing below.

We are actively monitoring faculty and staff computers on campus, but please contact us with any questions! Restart and update your computers, and please make sure everything is up to date.

———–

Saturday May 13, 2017

To:      School of Arts and Sciences Faculty and Staff

From:  Warren Petrofsky, Senior Director, SAS Computing

SAS Computing and ISC’s Information Security Office are monitoring a massive ransomware attack that appears to have infected many organizations around the world.  The WannaCry ransomware (also called WCrypt or WCry) spreads rapidly on an organization’s network, targeting unpatched Microsoft operating systems. Once infected, files on a Windows computer are encrypted and a ransomware popup window appears demanding the user pay approximately $300 in Bitcoin to unlock (decrypt) the files. The computers that are most vulnerable to this attack are Windows computers that have not been patched recently.

Most SAS computers are patched and managed by SAS computing, and their patches should be up to date as patching status is monitored on an ongoing basis by SAS Computing staff.

For computers you manage yourself or for your home computers, it is very important that you take the following steps to protect your data as soon as possible:

  1. Ensure you have a current backup of your files.  Back up the files stored on your computer to an external hard drive (or even a thumb drive) and disconnect the external hard drive afterwards. 
  2. Patch (ie update) your Windows operating system by running the latest Microsoft updates.  For information on how to do so see the following:

https://support.microsoft.com/en-us/help/12373/windows-update-faq

You may also want to reach out to your LSP on Monday and ask about how SAS Computing can automatically patch your SAS computer for you and help ensure you have a means of backing up your data.

If your computer becomes infected:

  1. Immediately disconnect your computer from the network (unplug the network cable and/or disable wifi)
  2. Contact your Local Support Provider (LSP): http://www.sas.upenn.edu/computing/support

Information about this latest attack can be found here:

http://www.cnn.com/2017/05/13/world/ransomware-attack-things-to-know

For more information about ransomware in general, please see:

https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

Tags: , , ,

Posted May 15, 2017 by leonhart in category Uncategorized