This is the notice that was sent to University of Otago Technical staff earlier this weekend and the update.
Sent Sun 14/5/2017
IMPORTANT (update 1) WannaCry security patches available from MS for XP/2K/2K3/W8 and embedded
In brief, the method of infection seems to be either an email attachment with the downloader included or from the network by exploiting SMB V1 on vulnerable windows devices. The email attachment is likely to be something that has java script enabled in it such as a PDF but could be one of many formats. The SMB V1 vulnerability requires no action from the user for the host to become infected.
For old unsupported Microsoft operating systems, Microsoft have made the security patches available for download, note that they have to be rebooted to complete the patch https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Download English language security updates for: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
For other language downloads, for Windows XP, Windows 8, or Windows Server 2003: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
This worm will likely impact devices that are unattended such as print spoolers, card readers, tills anything that runs Microsoft Windows. So these will need to be patched as well.
Apply the MS17-010 security patches and reboot, if you can’t apply the patches you must enable the local firewall and block ports TCP 137-139, 445 and 3389.
Please contact the ITS Service Desk at 8888 its.servicedesk@otago.ac.nz for assistance with any of the actions mentioned above.
Sent: Sat 13/05/2017
IMPORTANT WannaCry (ransomware worm)
There is a significant wave of infections impacting versions of Windows by a new ransomware called “WannaCry.” – none on campus as yet.
Ransomware is a term used to describe malware that denies access to data or systems unless a ransom is paid to a cybercriminal.
If users are running Windows Desktops 2000, XP, Vista, 7, 8, 8.1, 10 and Windows Servers 2003, 2003 R2, 2008, 2008 R2, 2012, and 2016 and have not applied the Microsoft March patches, your computing resources could be affected.
It is imperative for those users to apply the patch in Microsoft Security Bulletin MS17-010 immediately.
If users are running an obsolete Microsoft operating system, including Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2, there are NO supported patches to reduce exposure to the infections. These users MUST enable the local firewall and block ports TCP 137-139, 445 and 3389.
Please contact the ITS Service Desk at 8888 its.servicedesk@otago.ac.nz for assistance with any of the actions mentioned above. If the Otago campus community faces additional impacts from the global event, ITS will take additional measures to mitigate the infection.
The following links provide more information on the critical vulnerabilities impacting Otago and Microsoft Security Bulletin MS17-010:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/
https://community.sophos.com/kb/en-us/126733