UAB IT security protections ward off 'Wannacry'

WannaCry header

UAB’s cybersecurity protections have warded off “WannaCry” ransomeware. To date, this malicious software has had little effect at UAB because of security protections put in place by UAB IT. However, the UAB community should remain on guard to protect from future threats.

The ransomware attack using what’s been called WannaCry software has locked computers in more than 150 countries, exploiting vulnerabilities, and has already inspired similar attacks.  In a ransomware attack, malicious software can encrypt and block the data on your computer or device — and hackers can then demand payment in exchange for the return of access to your data. 

The UAB community must be aware of the risks to avoid being tricked into installing malicious software on their computers, which can then also spread to other computers on the network.

This kind of attack is not new — it is a new twist on an old crime — but the rapid worldwide spread of WannaCry heightened media attention.

Over the past year, UAB IT has been putting new protection methods in place that help guard against such cyber attacks.

Among the new defenses:

  • SCCM, or Microsoft System Center Configuration Manager, provides automated patch management to systems across campus. Patch management helps protect against potential malicious intrusion and allows the network to be monitored constantly — that way, immediate action can be taken if a patch has yet to be released when a vulnerability is discovered. Patch operating systems, software and firmware on devices. A centralized patch management system, like UAB’s SCCM, is the best way to manage system patching. SCCM patched many UAB systems against the WannaCry malware more than a month before the outbreak. Anyone who is not using SCCM is encouraged to contact AskIT to work with UAB IT staff to deploy it on their systems.
  • Default-deny is a new firewall posture implemented late last year to better protect against intrusions by external attackers. The posture, which is considered a best practice, means only approved network services are allowed. Everything else is denied to help protect the network — and UAB and employees’ and students’ data. This posture protected UAB’s systems from external WannaCry scans and infections.
  • PhishMe simulated campaigns and PhishMe Reporter tool have helped increase awareness of the dangers of phishing emails among UAB students, faculty and staff.  Phishing scams often take the form of fraudulent emails designed to trick users into revealing sensitive or protected information, such as usernames and passwords or bank information, but posting as a legitimate entity such as your bank, social media sites — or even the university president.
UAB faculty, staff and students are urged to remain vigilant against phishing attacks. To guard against phishing and ransomware attacks:

  • Be aware that you are a target.
  • Scrutinize links contained in emails, and do not open attachments in unsolicited emails.
  • Report any suspected phishing emails.
  • Keep all software on your computer up to date.