WCry Ransomware Widespread Outbreak

May 13, 2017

On Friday, May 12, reports of a widespread outbreak of WCry ransomware surfaced. WCry is also commonly referred to as WannaCry and/or WanaCryptOr. WCry was discovered in February, but it was recently updated and began spreading quickly.

What is Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

What is Information Technology Services (ITS) doing?  

We are actively scanning and patching systems; however, this does not cover all UK computers. We are making sure our servers are up-to-date and secure, updating the virus signature on our firewalls to block this attack, and working with security vendors to help us mitigate risk and identify attacks on our campus community. Additionally, we have blocked known web addresses associated with WCry.

What should I do if my UK device is infected?

Disable your wireless internet and/or unplug your computer’s internet cable. We recommend that you DO NOT PAY the ransom. If you are seeing the splash screen below, the best course of action is to contact your college/center IT staff and/or the IT Service Desk at 859-218-HELP (4357) or email 218help@uky.edu. If you have additional inquiries, contact security@uky.edu.



What should I do if my personal device is infected?

Visit BleepingComputer’s ransomware help forum, which often has tutorials on how to remove malware and in some cases unlock encrypted files without paying the ransom. The No More Ransom Project also includes an online tool that enables ransomware victims to learn if a free decryptor is available by uploading a single encrypted file.