10:45 17/05/17 Message regarding the ‘WannaCry’ cyber attack

The Information Technology department is currently working hard on mitigating the risks associated with the latest CyberSecurity incident: the WannaCry worm; the cyber-attack that affected a wide range of institutions last week.

What is it and what are the challenges affecting the University?

The worm affected computers that had not been properly patched, or that were running old operating systems. It follows a tradition of “worms” that have affected computers over a long period of time. The first worm was created in 1988 by mistake, but there have been many others that have affected the internet since and they continue to pose a threat today.

They all exploit vulnerabilities in operating systems: effectively where the code in a program has been poorly written and allows someone other than the intended user to access or control the program. When vulnerabilities are discovered, they can be “patched” – another piece of code is written to fix the code and remove the vulnerability. If the patch is not applied then the original program is left vulnerable to being attacked and the longer it is left the more likely it is that the vulnerability will be exploited and the software that is being used or the data that is being accessed will be compromised.

This is a particular challenge in environments where the management of computers is not well controlled – patching is disruptive (PCs often require a reboot) and time consuming – so machines and software are not always kept up to date. Also a University, like the NHS, will often have machines that are running expensive equipment (for example scanners, microscopes and other scientific equipment). These are often based on old operating system that cannot be easily upgraded and so the choice is to either buy a new piece of equipment or accept/mitigate the risks associated. This can be a very difficult decision to make.

What can you do to help?

There are a number of things that you can do to help:

  • Ensure that patches are applied. While the IT department will push patches out to machines, they often need to be rebooted to be applied. Make sure your machine is rebooted when prompted.
  • Use central file shares or OneDrive for Business to store information. The data is either backed up or previous versions are kept. In the event of a successful ransomware attack we can go back to an earlier version before the file was encrypted – if it is stored on a local drive it may not be backed up and will be lost.
  • Don’t fall for scam emails or websites. Be suspicious of anything you are not expecting and don’t open unexpected email attachments. If you are unsure then contact the sender, preferably by a different method (e.g. phone or text)
  • If you aren’t certain then contact the IT Service Desk they are there to help you with your questions and provide advice.