OUTAGE NOTIFICATIONS

 

                Technology Solutions Centre

TSC Notifications

No events

Security Bulletin

WannaCry Ransomware

Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.

 

The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.

Description

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. According to open sources, one possible infection vector is via phishing emails.

Impact

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

 

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Recommended Steps for Prevention

 

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.

  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.

  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. 

  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

 

  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.

 

 

 

Thank You

TSC would like to extend a heartfelt thank you to the University community for their patience and cooperation as we migrated our campus infrastructure from an outdated and non-supported network operating system (Netware) to a sustainable, stable and progressive one (Windows).

With the desktop rollout aspects completed end of February, we had a few final cleanup activities to finish before declaring completion.  We are now happy to announce that the final transitions from Netware to Windows are complete, including, with the University’s community’s help and cooperation, a final campus wide security review and update of all network file share access.

The University of Winnipeg can now proudly declare we are operating within a sustainable, stable, and progressive networking environment, removing limitations holding back various technology improvements, and paving the way for other required updates and advancements on campus.

I would also like to extend a special thanks to the team of dedicated professionals in TSC who worked tirelessly and diligently to complete this migration.  A concerted effort was made to complete the complicated technology migration as seamlessly as possible to ensure continuity of services to the campus community we support.

Read more...

Technology Solutions Centre

AKA “Tech Solutions” or “TSC”:  is the hub of all things IT across the University.

Our technical support teams ensure that mission-critical systems are available when users need them.

Everything from maintaining the student information system, to making sure the lab computers run, to improving the wireless network and much, much more all fall under the TSC umbrella.

As a sub-section of the main UWinnipeg.ca website, the main focuses of http://techsolutions.uwinnipeg.ca are to:

  • Inform staff, faculty and students of upcoming technology implementations and outages.
  • Keep our clients in the know about major IT projects.
  • Offer training links and FAQ guides on the technologies supported around campus.
  • Provide easy to use online contact forms for the most common issues and requests.
  • Make sure that all staff, faculty and students have a consistent and up to date point-of-contact regarding campus technology.

If you have a suggestion on how we can improve our services, please Talk To Us about it!