
Update 5/16/2017 Re: WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0, and Wanna Decryptor) Malware/Ransomware

  1. Most critical to combating this strain of malware is to patch your Windows machine to the most current level. Refer to: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 or http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212 to find the appropriate patch level for your operating system.  This is especially important if you are running a version of Windows which is no longer supported, like XP or Windows Server 2003.
  2. Regardless of the patching steps you take, it is possible to be infected by WannaCry—subsequent to patching—if you click on a malicious email link or attachment. Please review our instructions on how to handle phishing messages and messages with odd attachments: http://www.nyu.edu/servicelink/KB0014438.
  3. After an initial machine is infected, WannaCry spreads via a vulnerability in SMB, the protocol that manages Windows file sharing. This vulnerability was patched by Microsoft in March. See https://technet.microsoft.com/en-us/library/security/ms17-010.aspx for more information. If you have patched since March, you are not vulnerable to MS17-010 unless you execute a malicious email attachment or link, so the likelihood of infection is lower.
  4. We strongly recommend that machines with out-of-date operating systems be updated or retired. If you must use them, then they should be run in Standalone Mode, unconnected to the network. If you have questions about running an unsupported OS and how to transition your business process to a modern system, please contact the IT Service Desk at AskIT@nyu.edu.

WannaCry and Generic Ransomware Advice for Shared Network Drives  / NYU Box / Google Drive / DropBox

Since the WannaCry malware encrypts your data, the encrypted data can move to your backup or to a cloud-based file sharing service like Box, DropBox, Drive, and others, if you sync to those services. The sequential steps to follow if you are the victim of encryption via ransomware are:

  1. Talk to your local IT group or NYU IT Office of Information Security (security@nyu.edu)
  2. Wipe your device
  3. Patch system to an up-to-date level
  4. Recover files from a backup or a sync performed prior to the encryption.
  5. Disconnect backups by dismounting backup devices or disconnecting from file sharing services

As an example, in March an NYU user encountered ransomware, on a Windows machine, that encrypted files on computers, USB drives, and shared network drives. To recover from this event, they were able to recover files from Google Drive, NYU Box, and the respective system administrator’s departmental network drive backups.

For more information, see:

New Ransomware exploits MS vulnerability, spreading quickly

Update #2: May 15, 2017

Ransomware worm that takes advantage of a vulnerability in the Windows operating system remains a threat.

Please see the below PDF for a copy of an urgent security alert message from NYU CIO Len Peters. This message, relating to steps you should take to protect the data on Windows computers from the ransomware attack, was distributed to the entire NYU community via email on May 14 at 11:07pm ET. Should you have any questions or concerns about this message or the instructions it contains, please contact the NYU IT Service Desk, open 24×7: www.nyu.edu/it/servicedesk.

Download (PDF, 98KB)

Update #1: May 12, 2017

The following links will assist in determining which patch to apply, and both provide patch downloads: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 or http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212

Additional Resources:

https://krebsonsecurity.com/2017/05/u-k-hospitals-hit-in-widespread-ransomware-attack/

https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html

Original post: May 12, 2017

A new ransomware worm, dubbed Wanna DecryptoR 2.0 and #WannaCry, has been spreading quickly throughout locations around the world. Particularly hard hit was the UK National Health Service (NHS). The malware spreads via a malicious link in an email phishing message and takes advantage of a vulnerability in the Windows operating system that was identified by the NSA and released by the hacking group “Shadow Brokers” several weeks ago. The good news is that Microsoft already patched this vulnerability back in March. For more information on ransomware, read this article in Connect: https://wp.nyu.edu/connect/2016/09/22/ransomware-scams/

You should take this opportunity to make sure that your Windows systems are patched and up to date, and if you have not restarted your computer recently, do so, to ensure that any applied patches take effect.

Widespread Phishing Attack on Google Docs

Beware of Emails Saying Someone Wants to Share a Google Doc with You

A phishing attack has been deployed at many universities (and possibly beyond) that use Google. You may see a message purporting to share a Google Doc with you that comes from someone you know. It shows you a button to click. DO NOT click on this button. If you do, the email will be shared with those in your contact list.

We are blocking the originating email address, and have blocked several domains involved.
Google is working to mark the email as spam.

WHAT YOU SHOULD DO IF YOU CLICKED ON IT:
1. Go to https://myaccount.google.com/security#connectedapps
2. Click on Manage Apps
3. If you see “Google Docs”, click Delete
4. Change your NYU password as soon as possible via https://start.nyu.edu (this should not be necessary, but as we are still gathering information about the severity of this, it would be wise)

NOTE: Step 3 does NOT delete your Google documents. If “Google Docs” shows up on this list of apps, it is not a real app.

Please call the IT Service Desk at 212/998-3333 or email AskIT@nyu.edu if you need assistance.

SANS Video of the Month – Passphrases

For tips on how to create passphrases (strong passwords), and for information on password managers, use of 2 factor authentication and more, watch this 3 minute and 43 second video from SANS. This video will be available throughout the month of May.

For information on NYU Multi-Factor Authentication, please click here.  For more information on password managers and password best practices, please see the following NYU IT Connect article.

Under Lock and Passphrase

Are your NYU Drive files correctly shared?

As a best practice, it is highly recommended that you share your NYU Drive files only as broadly as necessary to avoid the unintended disclosure of data. Please follow these quick and easy steps to ensure your files are shared correctly and securely:

  1. To confirm the share settings of existing NYU Drive files, use the Drive Eye add-on to locate any files shared within and outside the NYU community. The Drive Eye add-on will produce a report that allows you to click the links associated with listed documents and change the share settings. For instructions on how to install and use Drive Eye, see NYU Drive: Finding and securing shared files.
  2. View and confirm your share settings for individual documents as follows:
  • Click File, Share, or the Share button at the top right corner of your screen.
    Screenshot showing the "Share" option in NYU Drive.
  • In the following dialog, click Advanced.
    Screenshot showing the NYU Drive "Share with others" dialog, with a red arrow pointing to the "Advanced" option in the bottom right of the dialog.
  • Confirm that your file settings appear as follows. (Note: The “Private” option is enabled by default).
    • You can choose another share setting via Change.
    • Invite people or Google groups via Invite People.


Screenshot of the "Sharing settings" dialog in NYU Drive with the "Private - Only you can access" option circled in red and a red pointer pointing to the "change" option to the right. The "Invite people" option is circled in red in the lower half of the dialog.

  • Click Change to select from the following options:

    Screenshot of “Link sharing”. The five listed options are: “On – Public on the web” (“Anyone on the internet can find and access. No sign in required.”); “On – Anyone with the link” (“Anyone who has the link can access. No sign-in required.”); “On – New York University” (“Anyone at New York University can find and access.”); “On – Anyone at New York University with the link” (“Anyone at New York University who has the link can access.”); and “Off – Specific people” (“Shared with specific people.”).

  • Click Save to confirm your changes.
  • Click Done to return to your document.
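
The five link-sharing options listed above can also be recognized in a file's permission records. The following is an added example, not part of the original post and not the Drive Eye add-on: it classifies constructed records shaped like Google Drive API v3 `permissions` entries into those five options and lists the files with link sharing on, broadest first. The function names, the sample files and the broadest-first ordering (taken from the order of the dialog) are assumptions.

```python
# Added example. Records below are constructed; they use the Drive API v3
# permission fields "type" and "allowFileDiscovery".

# Link-sharing options in the order the dialog lists them (assumed broadest first).
LEVELS = [
    "On - Public on the web",
    "On - Anyone with the link",
    "On - New York University",
    "On - Anyone at New York University with the link",
    "Off - Specific people",
]

def sharing_rank(permissions):
    """Index into LEVELS of the broadest access any permission grants."""
    best = len(LEVELS) - 1  # only named users or groups
    for p in permissions:
        discoverable = p.get("allowFileDiscovery", False)
        if p["type"] == "anyone":      # no sign-in required
            rank = 0 if discoverable else 1
        elif p["type"] == "domain":    # anyone in the organization
            rank = 2 if discoverable else 3
        else:                          # "user" or "group"
            rank = 4
        best = min(best, rank)
    return best

def shared_files_report(files):
    """(name, level) for every file with link sharing on, broadest first."""
    ranked = [(sharing_rank(f["permissions"]), f["name"]) for f in files]
    ranked = sorted(r for r in ranked if r[0] < len(LEVELS) - 1)
    return [(name, LEVELS[rank]) for rank, name in ranked]

OWNER = {"type": "user", "role": "owner"}
SAMPLE_FILES = [  # constructed sample data
    {"name": "budget.xlsx", "permissions": [
        OWNER, {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"name": "syllabus.docx", "permissions": [
        OWNER, {"type": "domain", "role": "reader", "allowFileDiscovery": True}]},
    {"name": "notes.txt", "permissions": [OWNER]},
    {"name": "flyer.pdf", "permissions": [
        OWNER, {"type": "domain", "role": "reader", "allowFileDiscovery": False},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": True}]},
]

if __name__ == "__main__":
    for name, level in shared_files_report(SAMPLE_FILES):
        print(f"{name}: {level}")
```
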

For more information about NYU Drive support and training resources, please visit www.nyu.edu/it/drive.