Here are some quick answers to questions you might have about WannaCrypt:
What is it?
WannaCrypt (also known as WannaCrypt0r and WannaCry) is a ransomware that encrypts the files on infected Microsoft Windows systems (both desktop and servers) and demands payment before decrypting them so that you may access them again.
How does it spread?
WannaCrypt spreads through two primary means: phishing and self-replication across a network.
Why are we hearing so much about it?
The reason for WannaCrypt’s prevalence in the current news cycle is two-fold: It counted the UK’s National Health System as one of its first major hits, and it can spread across systems within a network without any user interaction.
What is UNT’s status?
At this time, there have been no reports of WannaCrypt on our networks, and network admins are working to patch any unpatched machines. However, it would only take one instance of WannaCrypt on our network to cause an outbreak on unpatched systems.
Best Practices {when securing systems against harmful software)
- Keep computers updated with the most recent patches.
- Remove infected computers from the network immediately.
- Apply the principle of least privilege to user permissions and reduce the numbers of privileged accounts.
- If you detect a system threat, notify information security immediately at security@untsystem.edu
Further resources
- http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday
- https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20
- https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- https://technet.microsoft.com/en-us/library/security/ms17-010.aspx