Warning! Global Petya Ransomeware Attack – What You Can Do To Prevent Infection

There currently is a global ransomware attack called Petya (similar WannaCry or WannaCryptor) that has affected computers worldwide. UT Arlington is currently not affected and both IT and Security teams are actively working this weekend to minimize the impact of an attack.

OIT will send updates to the community as more information becomes available.

What you should know:

  • This malware is more sophisticated than WannaCry and will render an infected computer inoperable.
  • This malware affects all unpatched Microsoft Windows versions (from Windows 98 through Windows 10. Microsoft released patches for this in March through normal windows update.
  • Macintosh and Linux operating systems are not affected at this time.
  • The malware can be delivered as an attachment or a link to a compressed .zip file. Unsuspecting victims who open the file on an unpatched computer are infected and the malware begins to encrypt files on the computer.

What has UTA IT Security has done so far:

  • An initial patch for the vulnerability was released in March and was installed on OIT managed Windows computers in the ARDC and on campus. Additional patches were released over the weekend.
  • Our Intrusion Prevention System has been updated to prevent direct attacks from the internet.
  • Our email system has been configured to quarantine compressed .zip files (that are manually inspected and released by OIT).
  • OIT has implemented protections on the file server to protect against encrypted files being placed on it.
  • OIT has verified that backups are running on the file servers (K: and J: drives) in the event of infection.
  • OIT has made available CrashPlan to back up data on computers.

What you should do:

  • Do not click on suspicious links or attachments received in your personal or UTA email. To learn about Ransomware: http://www.uta.edu/security/ransomware/
  • If your UTA computer managed by OIT, and it has not been turned on in a while, turn it on and reboot it when prompted.
  • If you are running an old version of Windows that is no longer supported (such as Windows 98 through Windows 8, Windows Server 20018, 2013, etc), Microsoft has released a patch that is available: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
  • Make sure that your home computers operating system and antivirus is up-to-date.
  • Do not open shared documents (e.g. Box, Dropbox, google drive, etc.) that you are not expecting.

If your UTA computer becomes infected, disconnect it from the network immediately. Please send email to helpdesk@uta.edu to report the infection.