CITS

UMB Not Affected by Worldwide Ransomware Attacks

May 24, 2017   |  By Joe Dincau

The University of Maryland, Baltimore was not affected by the recent widespread global ransomware attack, called WannaCry.

The attack spread to more than 150 countries and affected approximately 300,000 unpatched computers running Microsoft Windows operating systems. For those affected, the attack locked people out of their computers and demanded ransom payments to regain access to the files.

We are members of the Research and Education Network-Information Sharing and Analysis Center (REN-ISAC), based at Indiana University, where security threats are shared among universities in real time. Our first verified communication of this threat came from the REN-ISAC hours before it was known and reported by the news media.

We quickly took action to check the several layers of protection that are in place for the UMB campus. First, the network port (445) that WannaCry was using to get access to any vulnerable Windows machine was blocked. We blocked this network port many years ago because of its vulnerability to these types of attacks.   

UMB has a sophisticated Intrusion Prevention System (IPS) that automatically blocks malicious attacks on our network. Potential threats are eliminated immediately while at the same time we have IT security personnel monitoring real-time reports of IPS data. We were able to use information from the REN-ISAC, as well as our monitoring software, to determine that the WannaCry attack was not hitting our IPS.    

We have a network monitoring system, called our Nessus Security Center, which allows us to scan the UMB network for any vulnerable server or computer. We run scans monthly, and more often when there is a report of threat activity. We apply security patches to servers and computers on a regular basis, and if there is a security patch released by a vendor to address a critical vulnerability, that patch gets applied immediately.

IT security information is shared on a daily basis with IT professionals across the UMB campus. The IT Security Collaborative working group, composed of individuals in UMB schools and departments, FPI, UMMS, and CITS, meets on a monthly basis. These monthly IT security meetings focus on information sharing as well as a discussion of activities and solutions for keeping our systems and data secure.

While this attack was a non-issue for UMB, and a relatively low-level threat compared to other attacks that we experience on a regular basis, it is another reminder of the value and importance of having a strong IT security plan and program, the need to continue to support IT security as a priority activity, the need to continue to make appropriate investments in security technologies, and the need to continue to remind and educate the campus community that information security is everyone's responsibility.

If you have any questions about the WannaCry attack or about UMB IT security, please contact the IT Security and Compliance team.