WannaCrypt Ransomware Attacks

BSOS Colleagues,

Below is a message from Microsoft regarding the recent Ransomware attacks being reported over the weekend. Please read the information provided below for specific details on this new threat and how you can protect yourself.
 
OACS has taken measures to secure our servers and protect them from this current threat. All Windows computers joined to the campus Active Directory domain that are receiving their monthly patches should also be protected at this time. However, we strongly encourage users to run a Windows update check on any Windows devices that you use, both here on campus and at home, to make sure you have the most recent security updates.
 
Please contact the OACS User Support Help Desk if you have any questions or concerns regarding this message and one of our User Support Technicians would be happy to assist you.

OACS User Support Help Desk
oacshelpdesk@umd.edu
301-405-7391, x57391

Office of Academic Computing Services
College of Behavioral and Social Sciences
University of Maryland
www.oacs.umd.edu

 

---------- Forwarded message ----------

Date: Mon, May 15, 2017 at 9:13 AM
Subject: Alert - WannaCrypt Ransomware Attacks

What is the purpose of this alert?

This alert is to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. This information is being provided to you so that you can assist customers who have questions related to the issue.

Summary

Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software.  Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. We are using the MSRC blog - Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat.

The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.

Malware Detection

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/WannaCrypt.

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.

Recommendations

Review the Microsoft Security Response Center (MSRC) blog at Customer Guidance for WannaCrypt Attacks for an overview of the issue, details of the malware, suggested actions, and links to additional resources.

Keep systems up-to-date. Specifically, for this issue, ensure Microsoft Security Bulletin MS17-010 Security Update for Microsoft Windows SMB Server is installed.

Customers who believe they are affected can contact Customer Service and Support by using any method found at this location:https://support.microsoft.com/gp/contactus81?Audience=Commercial.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

Additional Resources

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

If you have any questions regarding this alert, please contact your Technical Account Manager (TAM)/Service Delivery Manager (SDM).

Thank you,

Release Date: 
5/15/2017