What you need to know about WannaCry

Irwin Gaines

A new strain of malicious software spread widely over the weekend, attacking sites worldwide and drawing headlines and much attention from the U.S. (and other) governments. Known as WannaCry ransomware, this software, if it infects your computer, will encrypt your files, demand a payment of $300 in untraceable digital currency, and delete your files if the ransom is not paid. Other variants with similar behaviors are also appearing.

Here is what you need to know about WannaCry:

  • In some ways, this is a typical cybersecurity attack. The initial infection may occur when an unwary user clicks on a malicious link or attachment in a spam or phishing email. Continue to be vigilant, and avoid carelessly clicking links!
  • What is unusual about this particular infestation is that, once installed on a single machine on a network, it can quickly proliferate to innocent machines by exploiting a vulnerability in Microsoft’s Server Message Block (SMB) service. This vulnerability was patched back in March on all lab machines that are running up-to-date versions of Windows, but if you have computers that run Windows XP or that you manage yourself, you must make sure all appropriate patches are installed. If you don’t need SMB, which is used for sharing files across networks, turn it off. Be particularly careful when connecting to any public networks.
  • Personal devices will be safer attached to our guest wireless network rather than the lab “fgz” wireless network, since file sharing in general (and SMB, in particular) is blocked on the guest network. If you are unsure of the patch status of your device, choose the guest network instead of fgz for your WiFi connection until the current furor dies down.
  • Remember, if your data is backed up to a secure location that is not constantly connected to your computer, you are immune from ransomware because your files can always be recovered from backups.
  • Finally, note that it is Fermilab’s policy not to pay ransomware demands.
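
One way to act on the patching and "turn SMB off if you don't need it" advice in the list above on a self-managed Windows machine. This is an added example, not part of the original article or Fermilab's own tooling. It assumes Windows 8 / Server 2012 or later (it does not apply to Windows XP) and an elevated PowerShell session; the `-DisableSmbServer` switch name is made up for this example.

```powershell
# Added example: audit SMB exposure and, optionally, stop serving SMB.
# Assumes Windows 8 / Server 2012 or later, run from an elevated prompt.
param(
    [switch]$DisableSmbServer   # hypothetical switch: also turn SMB sharing off
)

# 1. Is this machine offering SMB file sharing?
$cfg       = Get-SmbServerConfiguration
$listening = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

# 2. How current is patching? Find the most recently installed update.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SMB1Enabled    = $cfg.EnableSMB1Protocol
    SMB2Enabled    = $cfg.EnableSMB2Protocol   # this setting also covers SMB3
    ListeningOn445 = ($listening.Count -gt 0)
    LastHotFix     = $lastFix.HotFixID
    LastHotFixDate = $lastFix.InstalledOn
} | Format-List

# 3. Folders currently shared (built-in administrative shares excluded).
Get-SmbShare | Where-Object { -not $_.Special } | Select-Object Name, Path

# 4. If file sharing is not needed, stop accepting SMB connections.
if ($DisableSmbServer) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false `
                               -EnableSMB2Protocol $false -Force

    # Disable the inbound firewall allowances for file sharing as well.
    # The group name below is the English display name; it differs on
    # localized Windows installs.
    Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

    Write-Output 'SMB server protocols disabled; re-run without the switch to confirm.'
}
```

A last-update date that is months old on a self-managed machine is the signal to run Windows Update before reconnecting to a shared network.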

As always, remember you must promptly report any actual, or even suspected, security breaches or incidents 24×7 to the Service Desk at x2345.

Irwin Gaines is the Fermilab chief security information officer.