Information Security

WannaCry Ransomware Attack

Response from University CISO regarding WannaCry Ransomware attack

Dear colleague, You may have seen media reports over the weekend about the ongoing widespread ‘cyber-attack’ that has been impacting different organisations across the globe, with particular reports covering the impact in the UK to NHS services.

These specific attacks are exploiting a vulnerability in some versions of Microsoft operating systems and are aiming to force organisations with infected machines to pay a ransom to get access to their information restored.

There have been no reports of any material impact to the University.

Technical teams in the University have been aware of this particular software vulnerability for some weeks and have been applying the necessary software patches as they are released to ensure that the vast majority of our supported desktops remain protected. If you use a locally/self-supported or managed desktop, we advise that you ensure that your computer has been updated to the most recent software version (in particular Microsoft patch MS17-010 from March 2017).

In addition, it is best practice to:

- Use University shared drives to store your data as these are automatically backed up. If you use anything else, you should make local arrangements - Ensure that anti-virus software is automatically updated and installed (this is done for you if you have a supported desktop)

- Continue to be vigilant and aware of phishing email attempts If you have any concerns, or suspect that your device may be affected, please contact the Helpline (internal 515151, external 0131 651 5151) who will be able to assist.

Further general information on Phishing emails is available on the University Information Security webpages at http://www.ed.ac.uk/infosec. If there is any material change to the impact on the University, we will provide a further update.

Thank you for your continued vigilance.

Alistair FenemoreChief Information Security Officer