KCIT WannaCry Ransomware Update
This is a long message but please read it entirely. This message contains important information that all King County employees need to be aware of.
KCIT is aware of a new ransomware called WannaCry. You may have seen news articles and publications on this over the weekend. WannaCry encrypts computer files and demands an average payment of $300 which doubles three days after the infection. If no payment has been received after seven days, the files will be deleted. WannaCry utilizes a known weakness affecting most versions of Microsoft Windows. Systems that are up-to-date on Microsoft patches are not susceptible to the exploit used by WannaCry.
King County has seen no instances of this cyberattack on our systems. The Multi-State Information Sharing and Analysis Center (MS-ISAC), one of KCIT’s cybersecurity partners, has not received any reports indicating a successful WannaCry infections of State, Local, Tribal or Territorial governments. The good news is that a researcher in the UK has effectively stopped this version of the Ransomware. However, KCIT is being proactive and monitoring for changes in the situation.
For the systems that KCIT has visibility, we have assessed King County’s vulnerability to this ransomware:
- Approximately 2% of workstations are lacking the appropriate patches.
- Approximately 10% of the servers are lacking the appropriate patches.
These systems are potentially susceptible to this Ransomware.
What KCIT has/is doing:
- Changes were made to the Anti-Virus rules on County workstations and servers to provide added protections from this exploit.
- Support teams are identifying and prioritizing patching of those systems that are lacking patches.
- We are investigating additional ways to stop this Ransomware at the network level.
- We will be working with those agencies for which we do not have visibility of their systems to ensure that they are also addressing and monitoring the situation.
How you can help:
- For the protections made to the Anti-Virus to take effect, if you have not rebooted your workstation since Friday, please do so. This ensures that these changes are applied.
- Be very suspicious of emails with links and attachments, especially if you are not expecting a link or attachment and if even more so if it comes from someone that you do not know.
- Avoid visiting un-trusted websites or following links provided by unknown or un-trusted sources.
- If you suspect that your work PC has been compromised by Ransomware, call the Service Center immediately at 263-HELP. Follow their instructions. They will either have you immediately shut down the workstation or disconnect it from the network. It is imperative that you do so to stop any impacts to files on your workstation and those on servers.
Protect yourself at home too:
- Apply all patches provided by Microsoft immediately. This can be done by setting your PC to automatically update.
- Keep your Anti-Virus software up-to-date. This is not 100% effective but it does help.
- If you suspect that your home PC has been compromised, shut it off immediately and seek help.
While we believe that the threat of this Ransomware affecting the County is very low, KCIT will remain vigilant for changes in the situation and we ask that you do the same.
If you suspect that your PC has been compromised in any way, do not hesitate to contact the Service Center at 263-HELP.