You may have seen news reports of a widespread global ransomware attack that started on May 12, 2017.  We want to make sure our community is aware of the details of the situation, how it affected Boston University, and what we should all be doing to keep our systems and data safe.

What Happened?

Cybercriminals released a new piece of malicious software, or malware, that spread to over 150 countries in two ways:

  • Email, where it attempts trick recipients into opening infected documents; and
  • Exploit against a vulnerability in Microsoft Windows.

When a computer became infected it would encrypt files and demand a ransom.  Owners of infected systems were given a period of time to respond to the ransom or their systems would remain encrypted forever.

How Did This Affect BU?

Late Friday afternoon, BU Information Security was alerted that a computer on the Charles River Campus was infected and attacking other computers on the Internet.  The infected system was quickly isolated by Information Services and Technology (IS&T) and Information Security began looking for signs of other infected systems on campus.  Most of the computers managed by BU (if you see a weekly message on your computer from KACE Desktop Alert saying your computer was updated, it is a BU managed computer) were already patched and over the last few days the IT Help Center worked to ensure all our managed computers were patched.

What can I do to prevent this from happening to me?

Two good reminders we can all take from this weekend’s cyber-attack, is the extent to which the attack was mitigated by people keeping their systems up to date and being careful in their handling of email.  The third reminder that we should learn from those who were impacted is to ensure that you have your important documents backed up.

  • Reminder 1: Always stay current with your Operating System updates and patches.
    You should always make sure your computer is set to automatically apply system patches.  The exploit used in this malware was patched by Microsoft in March of 2017.  Systems that are up to date with patches were not vulnerability to one of the primary ways the malware spread.  If you have an IS&T managed computer, automatic Operating System patching should already be enabled for you.If you manage your own computer, details of keeping your Operating System patched can be found for Windows and Mac computers.Many viruses and exploits can be prevented if antivirus software is installed and kept up to date.If you have an IS&T managed computer, you should already have antivirus installed.  For other computers, you can download McAffee VirusScan for free.
  • Reminder 2: Never Open Attachments from Unfamiliar Senders.
    Phishing – those cleverly crafted emails look legitimate but are designed to trick you into either giving up your personal information (password, credit card number, etc.) or downloading malicious software.  More information on spoofed messages and phishing can be found on our website.
  • Reminder 3: Always Keep Your Data Backed Up.
    What would happen if your computer did become infected and the files on it were no longer usable?  The few minutes you spend now to set up a network backup of our system now could save you from losing all your documents!  CrashPlan cloud backup is available to the BU community.

What do I do if my computer becomes infected?

The first and most important thing is to remove it from the network by removing the Ethernet cord or disabling the wireless.  This will stop it from spreading the virus to those you share the network with.

Second, reach out to the BU Information Security Incident Response Team and notify your local support staff for BU managed systems.