[Faccus] Ransomware threat resulting from leaked NSA hacking tools - May 15

Darren Bondy darren.bondy at uwaterloo.ca
Mon May 15 16:10:03 EDT 2017

What is happening? In mid-April 2017, hacking tools alleged to have been developed by the NSA were released to the public.  These tools exploit a flaw in all versions of the Microsoft Windows operating system.  Microsoft had released updates in March 2017 to correct the flaw in supported versions of Windows.  On Friday, May 12, a ransomware worm named "WannaCry" attacked hundreds of thousands of computers in approximately 150 countries by exploiting this vulnerability.  While the initial malware outbreak was stopped by a security researcher, we expect more attacks given the pervasiveness of the flaw.

Who is at risk? Any computer running the Microsoft Windows operating system.

What you can do to protect your Windows computer:

* Ensure that you have the most up-to-date security patches installed on your Windows operating system. It is recommended that you enable auto updates to ensure your system is always up to date.  A reboot is needed for the update to take effect.  Computers on-campus in the NEXUS domain should already have this update applied.

* For users running Windows XP, Windows 8, or Windows Server 2003, follow the directions laid out by Microsoft at: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

* If you are unable to update your system, then turn off SMBv1: https://support.microsoft.com/en-gb/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

* Be cautious of any suspicious email you receive. Under no circumstances should you open or extract unexpected zip files, run any files contained within the attachment, or click on links within the email. Doing so allows the malware access to your machine, which will render it unavailable until fixed. This process can take 1-2 business days.

How to protect Windows servers: Consider using Windows Firewall for additional protection. It is recommended that you deny inbound connections by default, and allow only the connections that are specifically required.

Additional resources:

* Microsoft security bulletin: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Questions or concerns? Contact the IST Service Desk, helpdesk at uwaterloo.ca or ext. 44357.

Recipients of this message: isthd, ist-staff, faccus, admin-support, ctsc, ucist, sec-wg, UWWeb, MSI, SSO, Daily Bulletin

Darren Bondy
Information Systems and Technology
(519)888-4567 x49525
University of Waterloo, Waterloo, ON
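
The SMBv1 and Windows Firewall recommendations in the message above can be checked on a machine with the following PowerShell. This is an added example, not part of the original message; the function name Test-Smb1Exposure is hypothetical, and it assumes an elevated prompt.

```powershell
# Added example, not from the original advisory. Run from an elevated prompt.
# Test-Smb1Exposure is a hypothetical name chosen for this illustration.
function Test-Smb1Exposure {
    [CmdletBinding()]
    param([switch]$DisableSmb1)   # when set, also turn the SMBv1 server off

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

    # Read the SMBv1 server state. Older systems (Vista, 7, Server 2008/2008 R2)
    # lack the SMB cmdlets and use the SMB1 registry value; absent means enabled.
    $readSmb1 = {
        if ($hasSmbCmdlets) { return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol }
        $v = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        return ($null -eq $v) -or ($v -ne 0)
    }
    $smb1Enabled = & $readSmb1

    if ($DisableSmb1 -and $smb1Enabled) {
        if ($hasSmbCmdlets) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
            Write-Warning 'Restart the computer for the registry change to take effect.'
        }
        $smb1Enabled = & $readSmb1
    }

    # Firewall profiles that are off or do not block inbound traffic by default.
    # ActiveStore returns the effective policy. $null means the cmdlet is unavailable.
    $weakProfiles = $null
    if (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
        $weakProfiles = @(Get-NetFirewallProfile -PolicyStore ActiveStore |
            Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' } |
            ForEach-Object { $_.Name })
    }

    New-Object PSObject -Property @{
        ComputerName         = $env:COMPUTERNAME
        Smb1ServerEnabled    = $smb1Enabled
        WeakFirewallProfiles = $weakProfiles
    }
}

Test-Smb1Exposure
```

A machine that follows both recommendations reports `Smb1ServerEnabled` as `False` and an empty `WeakFirewallProfiles` list; pass `-DisableSmb1` to apply the SMBv1 change as well as report it.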
