Campus security has notifed SEASnet of the proliferation of ransomeware and is recommending that you ensure all machines are patched. Please see the specific details below: Reports are coming in from around the world that a new form of Ransomware called WannaCry/WanaCrypto 2.0 is being exploited on unpatched machines, using the DoublePulsar vulnerability. This vulnerability was part of an exploit dump that occurred a few weeks ago by a group calling themselves "The Shadow Brookers". This vulnerability affects SMBv1, SMBv2, SMBv3 in Windows Versions XP, 2003, 7, 2008 and 2008r2. Currently the malware is spreading by acting as a worm (a computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer). The campus believes that the network blocks implemented a couple weeks ago have prevented infections on campus machines. However, UCLA IT Security is still advising people to apply the MS17-010 patch ASAP as the border blocks will not protect machines that are off campus. In addition, Sophos has released a signature that detects the ransomware, so we recommend ensuring Sophos is current on any machines you manage. Finally, please be aware that there is no method of decryption publicly available at this time. Any sites offering this service are potential phishing sites for the malware. For more details on the vulnerability visit: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
