Watch out for WannaCry ransomware

During the Thanksgiving break, OIT began seeing infections of the WannaCry ransomware spreading across campus. Staff members are working to notify infected campus system owners and to restrict network access of infected machines to limit the spread of the ransomware.

The most important prevention for everyone is to ensure your Windows machines are patched. (See tips below.)

The WannaCry ransomware is malware that locks your computer devices or blocks you from accessing your files until you pay a ransom. Payments are usually demanded in bitcoins in values varying from nominal amounts to as high as $500. In some cases, the ransom increases if you miss the demand deadline and the attackers destroy your files permanently if you refuse to make payment.

Ransomware is very dangerous, but like other cyber attacks, you can take prudent steps to avoid an attack or to protect yourself after an attack:

  • Ensure your operating system and software are up-to-date. If supported, you should set your operating systems to automatically get updates from your vendors or the University. Make sure you keep your software and apps up-to-date, patched and running on the most current version of your operating system.
  • Make sure your antivirus software is up-to-date. Ensure your antivirus software is updated prior to downloading an application to help block new viruses and malware. The antivirus will recognize known threatening sites, downloads and spam — stopping the ransomware before it can install itself onto your device.
  • Back up your important files regularly. When you make backups, consider storing them in two different places — and ensure one location is offline. While Google Drive offers unlimited storage space, you should contact your IT support staff to determine your backup options for work-related files. Use a trusted backup service provider to store your personal files at home.
  • Exercise caution so you don’t get phished. Don’t click on links or attachments in emails if you don’t know the sender. If you happen to know the sender, but the email has obvious errors and raises suspicion, contact the sender directly to ensure the legitimacy of the email. If you believe it is spam, just delete it immediately without opening it. Avoid suspicious websites and don’t download applications or programs from untrusted or unknown websites. If in doubt, read reviews from reputable sources about the applications or programs.
  • Disconnect from the Internet. Typically, you will know that your system is infected with a ransomware when you see a pop-up message on your screen demanding ransom in exchange for a password to access your system or files. If this happens to you, immediately disconnect from the Internet and contact your IT support staff for assistance.
  • Pay the ransom? No. If the ransomware has infected your university assigned computer, immediately contact your IT support staff or the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP). If the infection involves a non-university network, be careful in your decision to pay. Paying the attackers could indicate that you are a potential future victim, and there is no guarantee that you will regain access to your system or your files. Your best defense against ransomware is to follow the steps above to avoid an infection and use an effective data backup plan.

For updates, see the SysNews alert.