McMaster taking steps to protect its networks against WannaCry ransomware

May 12, 2017

Update - Sat. May 13, 9:45 pm

The global Ransomware attack known as "Wanna Cry", has now been contained. McMaster's network was not infected by this threat.

IT teams from all areas of the University have taken precautions to reduce The risk to our network and server infrastructure. The restrictions that were implemented to protect the network have now been removed.

Ransomware attacks such as this one are increasing in frequency, and will continue to threaten McMaster’s network and computing systems.

As such, it is necessary that every member of the McMaster community remain vigilant about IT Security hygiene on their computers:

  • Make sure that all of your software is up to date, especially your Microsoft operating system
  • Make sure that your antivirus client is up to date and running
  •  Enable web browsing protections available in your antivirus client, or through browser security extensions
  • Be wary of malicious websites and emails
  • Do not open attachments that you were not expecting
    If you have questions, please contact the UTS Service Desk at x2HELP (x24357) or the IT Security Team.

Update - Sat. May 13,  1:30 pm

The University continues to implement its plan to safeguard our campus information networks as a precaution against the Wanna Cry virus. The McMaster network has not been infected but steps are being taken to safeguard it against the ransomware threat. You can take steps to protect the network by reading the instructions below. While the University is implementing its action plan you may experience difficulties accessing the Mac Mail email network, connecting to network drives and printing to networked printers.

We will continue to update the community as necessary.

 

Friday May 12 - 9:30 pm

Public Safety Canada is warning of a global Ransomware attack known as "Wanna Cry". The Ransomware enters networks through malicious emails (Phishing), or by being downloaded from infected websites. Once on the network, the infection is able to worm from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services.

McMaster's network has not, as of now, been infected and we are taking steps to further protect our systems.

The impact of this attack has mostly been felt in countries overseas, but in an abundance of caution the University's IT Security and Enterprise Network teams are taking action to prevent the spread of this attack to McMaster.

What does this mean to you?
The worm spreads using the protocols that support Microsoft file and print services, as well as the protocol used to authenticate users to Active Directory.

To protect the network, McMaster is blocking these protocols. This means you may not be able to access MacMail email, access files on shared drives (e.g., H:, P:, Q:, etc.), and you will not be able to print to network printers.

What can you do to help?
As always, it is very important that you remain vigilant about IT Security Hygiene on your computer:
- Make sure that all of your software is up to date, especially your Microsoft operating system.
- Make sure that your antivirus client is up to date and running
- Enable web browsing protections available in your antivirus client, or through browser security extensions
- Be wary of malicious websites and emails
- Do not open attachments that you were not expecting
These controls will be in place temporarily; we will continue to assess this threat as it develops to determine the potential impact to the McMaster network, and re-enable the services when it is deemed safe to do so

Contact McMaster IT Security for more information about this and other internet threats, and how we are working to keep you safe:
email: c-it-security@mcmaster.ca
Web: http://itsecurity.mcmaster.ca/
Twitter: @McMaster_ITSec (https://twitter.com/McMaster_ITSec)
Facebook: https://www.facebook.com/mcmaster.itsec
Telephone: x28299