OIT is monitoring reports of a large-scale active ransomware attack that leverages the MS17-010 vulnerability patched by Microsoft in March. The media have dubbed this new strain Wanna Decryptor, Wannacry, or Wcry. We have reports that, in addition to the standard network ports used by SMB (UDP 137 & 138, TCP 137 & 139, and TCP 445), Wcry may be leveraging RDP to access and encrypt files. While the initial infection may be caused by a malicious email, once a system is compromised, the worm can spread across the network.
Windows system administrators need to ensure that they have patched for MS17-010. Standard access control and backup practices will also help limit exposure to ransomware attacks by limiting the scope of files accessible to a compromised system and by allowing for recovery of data. OIT does not recommend relying solely on Volume Shadow Copy Service (VSS) as a failsafe for ransomware attacks, because some strains of ransomware have been known to disable VSS.
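As an added example (not OIT's code), the following script audits a host's `netstat -ano` output for listeners on the SMB/NetBIOS ports named above and on RDP, so administrators can see which services are reachable from the network. The sample output is constructed, and 3389 is assumed as the RDP port because the advisory does not name one.

```python
# Ports named in the advisory. 3389 is an assumption: the default RDP port.
WATCHED = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram",
    ("TCP", 137): "NetBIOS name service",
    ("TCP", 139): "NetBIOS session (SMB)",
    ("TCP", 445): "SMB over TCP",
    ("TCP", 3389): "RDP (assumed default port)",
}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -ano` output, not taken from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.15:139          0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1100
  TCP    10.0.0.15:50122        10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  UDP    10.0.0.15:137          *:*                                    4
  UDP    10.0.0.15:138          *:*                                    4
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, service, pid) for watched, non-loopback listeners."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept inbound connections.
        # UDP rows have no state, so every bound UDP socket is considered.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition keeps "[::]" intact
        if not port.isdigit() or addr.startswith(LOOPBACK):
            continue  # loopback-only listeners are not reachable from the network
        key = (proto, int(port))
        if key in WATCHED:
            findings.append((proto, addr, int(port), WATCHED[key], int(fields[-1])))
    return findings

if __name__ == "__main__":
    for proto, addr, port, service, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port}  {service}  (PID {pid})")
```

A listener flagged here is a candidate for a firewall rule or service shutdown; it does not by itself show whether the MS17-010 patch is installed.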
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or firstname.lastname@example.org. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.
Important definitions for notice:
- Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
- Severe: severity includes worms & web or email based exploits.
- Important: severity includes viruses and local exploits for commonly used services.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity includes remote exploits and worms.
IMPORTANT severity includes viruses and local exploits for commonly used services.