What it is:
WannaCry (also known as WannaCrypt, WanaCrypt0r 2.0, or Wanna Decryptor) is a ransomware program targeting Microsoft Windows. On Friday, May 12, 2017, a large cyber-attack was launched, infecting over 230,000 computers in 150 countries. The WannaCry ransomware exploits the Microsoft vulnerability MS17-010 [https://technet.microsoft.com/en-us/library/security/ms17-010.aspx] to infect unpatched Windows-based computers. The infection exploits Microsoft's implementation of the Server Message Block (SMB) protocol (print/file sharing for legacy OSs). Microsoft released a Critical advisory, along with a patch to close the vulnerability, on March 14, 2017. This patch fixed several workstation versions of the Microsoft Windows operating system, including Windows Vista and Windows 8, as well as server versions such as Windows Server 2008. According to Microsoft, security updates were also released for older versions of Windows such as Windows XP and Windows 2003. [https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/]
Assessment and D2L Actions:
- Access to ports 137-139 and 445 (known SMB ports) is restricted on our external network or outside of our SaaS environment, which mitigates the risk of this vulnerability.
- Our template is patched monthly and this particular exploit was released in March.
- We’ve run a vulnerability scan and confirmed our environment is safe.
As for student protection, D2L doesn’t control the content that is submitted to the LMS or the emails transmitted between students, so end-user-produced content cannot be guaranteed to be free of malicious material. It is up to individual users to ensure they have the proper controls in place to secure their endpoints.
What can you do to protect yourself?
D2L recommends that all users patch their personal-use Windows systems to the latest patch level as soon as possible by running Windows Update. While the spread of WannaCry is unlikely within the D2L corporate environment, where automated patching, disabling of SMB 1.0 and other mitigating controls are in place, it is possible that employees could receive an infected email. As such, D2L recommends that you be extra vigilant while reviewing emails.
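
To check the controls mentioned above (SMB 1.0 disabled, SMB ports, patch currency) on a single Windows machine, the following added example can be used; it is not D2L's tooling. `Test-SmbV1Exposure` is a hypothetical helper name, and the script assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally disable) SMB 1.0 on the local machine.
# Test-SmbV1Exposure is a hypothetical helper name, not a built-in cmdlet.

function Test-SmbV1Exposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate   # disable SMB 1.0 instead of only reporting
    )

    # Server side: does this machine still accept SMB 1.0 sessions?
    $server = Get-SmbServerConfiguration

    # Optional feature on client builds; may be absent on some editions.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # TCP listeners on the SMB session ports named in the notice.
    # Ports 137 and 138 are UDP NetBIOS services and are not checked here.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique

    # Most recent installed update, as a rough indicator of patch currency.
    $lastFix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    if ($Remediate -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB 1.0')) {
        if ($server.EnableSMB1Protocol) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $server = Get-SmbServerConfiguration
        }
        if ($feature -and $feature.State -eq 'Enabled') {
            # Takes full effect after the next restart.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
            $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
        }
    }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Smb1ServerEnabled   = $server.EnableSMB1Protocol
        Smb1FeatureState    = if ($feature) { $feature.State } else { 'NotPresent' }
        ListeningTcpPorts   = $listeners -join ','
        LastUpdateInstalled = $lastFix.InstalledOn
    }
}

Test-SmbV1Exposure              # report only
# Test-SmbV1Exposure -Remediate # report and disable SMB 1.0
```

A listener on 139 or 445 is normal when file sharing is enabled; the values to act on are `Smb1ServerEnabled` being `True` and a stale `LastUpdateInstalled` date.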