Ransomware Risk High

WHY IS ENGINEERING AT RISK?

Eight Engineering computers have been compromised with ransomware within the last year, five of which were infected in 2017. As a result, files were unavailable unless they could be restored from backup or until a $300 to $600 ransom was paid. It is widely understood that the University will not pay ransom, so personal funds had to be used. In one case the ransomware spread from one research computer to another. We were fortunate the ransomware did not spread more widely, as these instances predate the more virulent WannaCry.

The latest ransomware variants such as WannaCry are based on leaked NSA backdoors and can spread without users taking action. The first version of WannaCry was stopped due to a coding weakness in the ransomware after it infected over 200,000 computers in 150 countries within 24 hours. New versions of WannaCry without this weakness are now in the wild and security analysts predict additional stolen NSA exploits, for which a security update may not yet exist, will be used in ransomware over the coming months.

Engineering had hundreds of systems vulnerable to WannaCry when the worldwide attack started on May 12th. BigFix streamlined the work of updating computers that didn’t have the required security updates, but approximately half of Engineering computers do not utilize BigFix. Considerable time and effort was required to identify and update computers without BigFix, leaving them vulnerable for an extended period.

HOW TO PROTECT YOURSELF AND OUR COMMUNITY

Make sure you and your peers are protected at work and at home by following these guidelines.

1. Use a computer operating system for which security updates are available.
While Windows and Linux have been targeted most by ransomware authors, macOS and other operating systems are not immune. If security updates are no longer available for your operating system, then your computer is almost certainly susceptible because of unpatched vulnerabilities. Examples of vulnerable OSes include: Windows XP, Vista, Server 2003, and Server 2008 (non-R2); Ubuntu 12.04 LTS and prior; Red Hat Enterprise Linux 5.11 and prior; and Fedora 23 and prior.
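A quick way to check a Linux system against the release thresholds listed above is to read its /etc/os-release file. The script below is an added example and not part of the advisory; the version cut-offs (Ubuntu 12.04, RHEL 5.11, Fedora 23) come from the list above, while the parsing logic, the ID values it matches, and the sample os-release records are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag Linux releases the advisory lists as no longer receiving
# security updates (Ubuntu 12.04 and earlier, RHEL 5.11 and earlier, Fedora 23
# and earlier). Thresholds are from the advisory; parsing and sample data are
# constructed for this example.

# os_unsupported ID VERSION_ID -> prints "unsupported" or "ok"
os_unsupported() {
    id="$1"
    ver="$2"
    major="${ver%%.*}"
    minor="${ver#*.}"
    # A bare major version such as "25" has no minor part
    [ "$minor" = "$ver" ] && minor=0
    case "$id" in
        ubuntu)
            # 12.04 LTS and earlier
            if [ "$major" -lt 12 ] || { [ "$major" -eq 12 ] && [ "$minor" -le 4 ]; }; then
                echo unsupported; return 0
            fi ;;
        rhel|centos)
            # 5.11 and earlier (the whole 5.x line)
            if [ "$major" -le 5 ]; then echo unsupported; return 0; fi ;;
        fedora)
            # Fedora 23 and earlier
            if [ "$major" -le 23 ]; then echo unsupported; return 0; fi ;;
    esac
    echo ok
}

# check_os_release FILE -> reads ID and VERSION_ID from an os-release file
check_os_release() {
    file="$1"
    rel_id=$(sed -n 's/^ID=//p' "$file" | tr -d '"')
    rel_ver=$(sed -n 's/^VERSION_ID=//p' "$file" | tr -d '"')
    os_unsupported "$rel_id" "$rel_ver"
}

# Constructed sample records so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
printf 'ID=ubuntu\nVERSION_ID="12.04"\n' > "$SAMPLE_DIR/old-ubuntu"
printf 'ID=ubuntu\nVERSION_ID="16.04"\n' > "$SAMPLE_DIR/new-ubuntu"
printf 'ID="rhel"\nVERSION_ID="5.11"\n'  > "$SAMPLE_DIR/old-rhel"
printf 'ID=fedora\nVERSION_ID=25\n'      > "$SAMPLE_DIR/new-fedora"

for f in "$SAMPLE_DIR"/*; do
    printf '%s: %s\n' "$(basename "$f")" "$(check_os_release "$f")"
done

# On a real system, point it at the live file:
[ -r /etc/os-release ] && printf 'this host: %s\n' "$(check_os_release /etc/os-release)"
```

The check only answers "is this release on the advisory's list"; a newer release that is past its own end of life would not be caught, so keep the threshold table current when reusing the script.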

2. Install security updates within seven days and restart your computer (when prompted).
Work with IT staff to install BigFix on all University-owned computers so they can apply security updates to operating systems and third-party applications for you. Then, when prompted, restart your computer after updates have been applied to ensure you are protected. Note: Administrative staff computers and Windows instructional labs in Engineering have BigFix by default. More information can be found at http://itcatalog.ucdavis.edu/service/bigfix

If you are NOT using BigFix then check to ensure you have operating system automatic updates configured properly. You also need to manually apply updates to applications such as Firefox, Chrome, Acrobat, Java, and Flash if your operating system doesn’t include them. Always apply security updates within seven days of their release then restart when prompted to ensure you’re protected. This applies to your computers at home as well, especially if they connect back to the COE or Library VPNs.

3. Maintain a current backup of your data. Store the backup offline or use a service like CrashPlan.
Make sure you have a backup of all your important files and that the backed-up files cannot easily be modified (otherwise ransomware can modify them if your computer is compromised). Services like CrashPlan stop malware from modifying the contents of backed-up files. If your computer falls prey to WannaCry or another new variant of ransomware, IT staff will not be able to recover your files by any other means. More information on CrashPlan can be found at http://itcatalog.ucdavis.edu/service/crashplan
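Whichever backup method you use, it helps to be able to prove that the copy you are relying on has not been rewritten since it was taken. The script below is an added example and not part of the advisory or of CrashPlan: it records a SHA-256 manifest when a backup set is written and checks it later, so any backed-up file that was changed or removed afterwards is reported. All paths and sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the advisory: record a SHA-256 manifest of a
# backup set and verify it later, so files rewritten after the backup was
# taken (what ransomware does to reachable backups) are detected.
# All paths and sample files below are constructed for this demonstration.

# make_manifest DIR MANIFEST -> write "hash  ./path" for every file under DIR
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# verify_backup DIR MANIFEST -> prints "ok" if every file still matches its
# recorded hash, "TAMPERED" if any file changed or disappeared
verify_backup() {
    if ( cd "$1" && sha256sum --status -c "$2" ) 2>/dev/null; then
        echo ok
    else
        echo TAMPERED
    fi
}

# --- demonstration on constructed data ---
BACKUP_DIR=$(mktemp -d)
MANIFEST=$(mktemp)        # keep the manifest outside the backup tree
mkdir -p "$BACKUP_DIR/thesis"
printf 'chapter one\n'  > "$BACKUP_DIR/thesis/ch1.txt"
printf 'raw readings\n' > "$BACKUP_DIR/data.csv"

make_manifest "$BACKUP_DIR" "$MANIFEST"
BEFORE=$(verify_backup "$BACKUP_DIR" "$MANIFEST")

# Overwrite one backed-up file in place, as an encrypting process would.
printf 'unreadable\n' > "$BACKUP_DIR/data.csv"
AFTER=$(verify_backup "$BACKUP_DIR" "$MANIFEST")

printf 'before: %s\nafter:  %s\n' "$BEFORE" "$AFTER"
```

Store the manifest somewhere the backed-up computer cannot write to (an offline drive or a separate account), since a manifest that sits beside the backup can be rewritten along with it.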

4. Let IT know as soon as a computer has ransomware or other malware.
Don’t hesitate to call your local IT staff and IT Shared Services at 530-784-4876 (or email coeithelp@ucdavis.edu). Ransomware can happen to anyone. What’s most important is that we limit the impact.

Additional reading

https://en.wikipedia.org/wiki/Ransomware

https://www.cnet.com/news/wannacry-unprecedented-ransomware-attack-a-nightmarish-wakeup-call/

https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

https://arstechnica.com/security/2016/03/first-mac-targeting-ransomware-hits-transmission-users-researchers-say/
