NWU foils WannaCry ransomware

Marelize Santana -- Fri, 05/19/2017 - 11:41

NWU foils WannaCry ransomware

It’s been war in the cyber world in the past few days. Cyber criminals tried, and succeeded in some instances, to infiltrate work and home computers all over the world, and in the process destroyed valuable information.

The proactive action taken by the North-West University’s (NWU’s) Information Technology (IT) department prevented the university’s work computers from falling prey to the threat and the NWU from becoming another ransomware statistic.Boeta Pretorius, the NWU’s chief director of IT, says his dedicated team realised the extreme danger that the WannaCry ransomware posed and decided to act decisively to safeguard the university’s information assets and computers.

Keeping cyber criminals at bay
Cyber criminals use the ransomware to encrypt data and then demand payment for restoring it, according to Boeta. He says this kind of extortion was possible because criminals had found a vulnerability in the Windows operating system. Computers that were fully updated had security patches to address the vulnerability, but Boeta says a limited number of NWU computers were not regularly updated with the necessary patches, which put them at risk.
The IT team worked tirelessly throughout the weekend and then put in several 18-hour days this week to isolate vulnerable computers and ensure that if they were to become victims of ransomware, the virus would not spread through the NWU’s network and Wi-Fi services.

“It was a complex task, as not all the computers had the same version of the operating system and some needed different patches than others.” More vulnerable networks such as NWU-Guest, where users can circumvent extensive security checks, were closed.

“It is always important to remember that carelessly opening suspicious attachments, folders and emails does not only affect the person on whose computer it rears its ugly head, but can potentially harm all other workstations that are connected through the network or share services.”

Boeta advises the NWU’s computer users to be cautious always. “IT will never ask for your log-on details via email. It is also important always to check internet addresses for suspicious amendments. For instance: the NWU’s address is nwu.ac.za and anything other than this, for instance NWU.co.za or NWU1.co.za, may indicate a questionable address.

“I think we can safely say that the NWU did not fall prey to this version of ransomware. We would like to thank all staff and students who heeded the call to take extreme care when opening emails and attachments and always ensured that their computers were fully updated.”

Please keep on doing this because the next attack could be around the corner.

For practical security tips, visit http://www.nwu.ac.za/it/security

According to the thehackernews.com website, the WannaCry ransomware infected more than 237 000 computers across 99 countries around the world. Once infected, the ransomware also scans for other vulnerable computers connected to the same network, and scans random hosts on the wider internet, enabling it to spread quickly. Photo: thehackernews.com