Regardless of the patching steps you take, you can still be infected by WannaCry after patching if you click on a malicious email link or attachment. Please review our instructions on how to handle phishing messages and messages with odd attachments: http://www.nyu.edu/servicelink/KB0014438.
After an initial machine is infected, WannaCry spreads via a vulnerability in SMB, the protocol that manages Windows file sharing. Microsoft patched this vulnerability in March. See https://technet.microsoft.com/en-us/library/security/ms17-010.aspx for more information. If you have patched since March, you are not vulnerable to MS17-010, so the likelihood of infection is lower; you can still be infected if you open a malicious email attachment or link.
We strongly recommend that machines with out-of-date operating systems be updated or retired. If you must use them, then they should be run in Standalone Mode, unconnected to the network. If you have questions about running an unsupported OS and how to transition your business process to a modern system, please contact the IT Service Desk at AskIT@nyu.edu.
WannaCry and Generic Ransomware Advice for Shared Network Drives / NYU Box / Google Drive / DropBox
Since the WannaCry malware encrypts your data, the encrypted data can move to your backup or cloud-based file sharing service (Box, DropBox, Drive, and others) if you sync to those services. If you are the victim of ransomware encryption, follow these steps in order:
Talk to your local IT group or NYU IT Office of Information Security (firstname.lastname@example.org)
Wipe your device
Patch system to an up-to-date level
Recover files from a backup or a sync performed prior to the encryption.
Disconnect backups by dismounting backup devices or disconnecting from file sharing services
As an example, in March an NYU user encountered ransomware, on a Windows machine, that encrypted files on computers, USB drives, and shared network drives. To recover from this event, they were able to recover files from Google Drive, NYU Box, and the respective system administrator’s departmental network drive backups.
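The step "recover files from a backup or a sync performed prior to the encryption" depends on knowing when encryption began. The following is an added example, not NYU's procedure or tooling: it picks the newest safe snapshot from a file listing and reports which clean edits that snapshot will not contain. It assumes encrypted copies carry WannaCry's `.WNCRY` suffix; the listing, snapshot times, and 30-minute safety margin are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: WannaCry-encrypted copies carry the .WNCRY suffix.
ENCRYPTED_SUFFIX = ".wncry"

def is_encrypted(path):
    return path.lower().endswith(ENCRYPTED_SUFFIX)

def encryption_start(entries):
    """Earliest modification time among encrypted files, or None if none found."""
    times = [t for path, t in entries if is_encrypted(path)]
    return min(times) if times else None

def pick_restore_point(snapshots, start, margin=timedelta(minutes=30)):
    """Latest snapshot taken at least `margin` before the first encrypted file.
    The margin exists because the malware was running before it wrote that file."""
    safe = [s for s in snapshots if s <= start - margin]
    return max(safe) if safe else None

def edits_lost(entries, restore_point):
    """Clean files changed after the snapshot; those edits are not in it."""
    return sorted(p for p, t in entries
                  if not is_encrypted(p) and t > restore_point)

def plan(entries, snapshots):
    """Return (restore_point, lost_edits), or None if nothing usable exists."""
    start = encryption_start(entries)
    if start is None:
        return None  # no encrypted files in the listing
    point = pick_restore_point(snapshots, start)
    if point is None:
        return None  # every snapshot is too close to, or after, the encryption
    return point, edits_lost(entries, point)

def T(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample: (path, last-modified) pairs from a synced folder listing.
ENTRIES = [
    ("Reports/q1.docx.WNCRY", T("2017-05-12 14:03")),
    ("Photos/lab.jpg.WNCRY", T("2017-05-12 14:05")),
    ("Reports/q2-draft.docx", T("2017-05-12 08:40")),
    ("Notes/todo.txt", T("2017-05-12 14:20")),
    ("Archive/2016.zip", T("2017-01-03 10:00")),
]
# Constructed sample: times at which backups or sync versions were taken.
SNAPSHOTS = [T("2017-05-11 02:00"), T("2017-05-12 02:00"),
             T("2017-05-12 14:00"), T("2017-05-13 02:00")]
```

The 14:00 snapshot is rejected even though it predates the first encrypted file, because it falls inside the safety margin.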
Ransomware worm that takes advantage of a vulnerability in the Windows operating system remains a threat.
Please see the below PDF for a copy of an urgent security alert message from NYU CIO Len Peters. This message, relating to steps you should take to protect the data on Windows computers from the ransomware attack, was distributed to the entire NYU community via email on May 14 at 11:07pm ET. Should you have any questions or concerns about this message or the instructions it contains, please contact the NYU IT Service Desk, open 24×7: www.nyu.edu/it/servicedesk.
A new ransomware worm, dubbed Wanna DecryptoR 2.0 and #WannaCry, has been spreading quickly throughout locations around the world. Particularly hard hit was the UK National Health Service (NHS). The malware spreads via a malicious link in an email phishing message and takes advantage of a vulnerability in the Windows operating system that was identified by the NSA and released by the hacking group “Shadow Brokers” several weeks ago. The good news is that Microsoft already patched this vulnerability in March. For more information on ransomware, read this article in Connect: https://wp.nyu.edu/connect/2016/09/22/ransomware-scams/
You should take this opportunity to make sure that your Windows systems are patched and up to date, and if you have not restarted your computer recently, do so, to ensure that any applied patches take effect.
Beware of Emails Saying Someone Wants to Share a Google Doc with You
A phishing attack has been deployed at many universities (and possibly beyond) that use Google. You may see a message purporting to share a Google Doc with you that comes from someone you know. It shows you a button to click. DO NOT click on this button. If you do, the email will be shared with those in your contact list.
We are blocking the originating email address, and have blocked several domains involved.
Google is working to mark the email as spam.
For tips on how to create passphrases (strong passwords), and for information on password managers, use of 2 factor authentication and more, watch this 3 minute and 43 second video from SANS. This video will be available throughout the month of May.
For information on NYU Multi-Factor Authentication, please click here. For more information on password managers and password best practices, please see the following NYU IT Connect article.
As a best practice, it is highly recommended that you share your NYU Drive files only as broadly as necessary to avoid the unintended disclosure of data. Please follow these quick and easy steps to ensure your files are shared correctly and securely:
To confirm the share settings of existing NYU Drive files, use the Drive Eye add-on to locate any files shared within and outside the NYU community. The Drive Eye add-on will produce a report that allows you to click the links associated with listed documents and change the share settings. For instructions on how to install and use Drive Eye, see NYU Drive: Finding and securing shared files.
View and confirm your share settings for individual documents as follows:
Click File, Share, or the Share button at the top right corner of your screen.
In the following dialog, click Advanced.
Confirm that your file settings appear as follows. (Note: The “Private” option is enabled by default).
You can choose another share setting via Change.
Invite people or Google groups via Invite People.
Click Change to select from the following options:
Screenshot of “Link sharing”. The five listed options are:
“On – Public on the web”: “Anyone on the internet can find and access. No sign in required.”
“On – Anyone with the link”: “Anyone who has the link can access. No sign-in required.”
“On – New York University”: “Anyone at New York University can find and access.”
“On – Anyone at New York University with the link”: “Anyone at New York University who has the link can access.”
“Off – Specific people”: “Shared with specific people.”
Click Save to confirm your changes.
Click Done to return to your document.
For more information about NYU Drive support and training resources, please visit www.nyu.edu/it/drive.
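For administrators who review sharing in bulk, the five "Link sharing" options above correspond to the `type` and `allowFileDiscovery` fields of a Drive API v3 permission entry. The following is an added example, not Drive Eye and not NYU code: it classifies files by their broadest share setting and flags anything wider than "Specific people". The file list is constructed sample data shaped like a `files.list` response, and the ranking of the levels from narrowest to broadest is this example's own assumption.

```python
# Levels ordered narrowest to broadest (ordering is this example's assumption).
LEVELS = [
    "Off – Specific people",
    "On – Anyone at New York University with the link",
    "On – New York University",
    "On – Anyone with the link",
    "On – Public on the web",
]

def permission_level(perm):
    """Map one Drive API v3 permission entry to an index in LEVELS."""
    ptype = perm.get("type")
    discoverable = perm.get("allowFileDiscovery", False)
    if ptype == "anyone":
        return 4 if discoverable else 3
    if ptype == "domain":
        return 2 if discoverable else 1
    return 0  # "user" or "group": shared with specific people

def sharing_level(file_entry):
    """A file is as exposed as its broadest permission."""
    perms = file_entry.get("permissions", [])
    return max((permission_level(p) for p in perms), default=0)

def audit(files, max_allowed=0):
    """Return (name, level label) for files shared more broadly than
    max_allowed, broadest first."""
    hits = [(sharing_level(f), f["name"]) for f in files]
    hits = [(lvl, name) for lvl, name in hits if lvl > max_allowed]
    hits.sort(key=lambda t: (-t[0], t[1]))
    return [(name, LEVELS[lvl]) for lvl, name in hits]

# Constructed sample data (not real files or accounts).
FILES = [
    {"id": "f1", "name": "budget.xlsx", "permissions": [
        {"type": "user", "role": "owner"}]},
    {"id": "f2", "name": "roster.csv", "permissions": [
        {"type": "user", "role": "owner"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"id": "f3", "name": "flyer.pdf", "permissions": [
        {"type": "anyone", "role": "reader", "allowFileDiscovery": True}]},
    {"id": "f4", "name": "minutes.doc", "permissions": [
        {"type": "group", "role": "writer"},
        {"type": "domain", "role": "reader", "domain": "nyu.edu",
         "allowFileDiscovery": False}]},
]
```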