<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1412390599;
mso-list-type:hybrid;
mso-list-template-ids:-2132236040 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><b>DATE:</b> 5/15/2017<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>SUBJECT:</b> Cybersecurity Update: Global Ransomware Campaign (WannaCry)<o:p></o:p></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:.25in;margin-left:0in">
<b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">OVERVIEW:<o:p></o:p></span></b></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:.25in;margin-left:0in">
<strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">A global ransomware campaign has affected many organizations initially by exploiting a vulnerability in the SMBv1 protocol. This ransomware variant is known as WannaCry
or Wann Decryptor. Organizations should remain vigilant in implementing best practices and recommendations regardless of perceived slowdowns in the spread of this ransomware variant.
</span></strong><strong><span style="font-weight:normal"><o:p></o:p></span></strong></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:.25in;margin-left:0in">
<strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">OneNet UPDATE:
</span></strong><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">OneNet is continuing to monitor traffic and is available for outreach assistance as needed.</span></strong><b><o:p></o:p></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>BEST PRACTICE SECURITY RECOMMENDATIONS:</b><b><o:p></o:p></b></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<strong><span style="font-family:"Calibri","sans-serif";font-weight:normal">Organizations should close ports 22, 23, 3389, TCP 139 & 145/UDP 137 & 138.<o:p></o:p></span></strong></li></ul>
<p class="MsoListParagraphCxSpFirst" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing (MS17-010).
<o:p></o:p></span></strong></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:"Courier New";font-weight:normal"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Microsoft release patches for Windows systems no longer receiving mainstream support that mitigate the SMB vulnerabilities.<o:p></o:p></span></strong></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo1;text-autospace:none">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Disable SMBv1 on all systems and utilize SMBv2 or SMBv3 after appropriate testing.</span></strong><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal"><o:p></o:p></span></strong></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Implement Principle of Least Privilege across all systems and services.<o:p></o:p></span></strong></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Ensure endpoint security/antivirus definitions are updated. If endpoint security/antivirus is not in place, this should be one
your immediate priorities along with patching.<o:p></o:p></span></strong></p>
<p class="MsoListParagraphCxSpLast" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Maintain Cyberawareness across the organization and remind user not to visit untrusted websites and open emails from un-trusted
or unknown senders.<o:p></o:p></span></strong></p>
<p style="mso-margin-top-alt:3.75pt;margin-right:0in;margin-bottom:3.75pt;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1;vertical-align:baseline">
<![if !supportLists]><strong><span style="font-size:11.0pt;font-family:Symbol;font-weight:normal"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span></strong><![endif]><strong><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";font-weight:normal">Have good/tested data backups (preferably not connected to the network).<o:p></o:p></span></strong></p>
<p style="mso-margin-top-alt:3.75pt;margin-right:0in;margin-bottom:3.75pt;margin-left:.5in;vertical-align:baseline">
<o:p> </o:p></p>
<p class="MsoNormal"><strong><span style="font-family:"Calibri","sans-serif";color:black">REFERENCES:</span></strong><strong><span style="font-family:"Calibri","sans-serif";color:black"><o:p></o:p></span></strong></p>
<p class="MsoNormal"><a href="http://blog.talosintelligence.com/2017/05/wannacry.html">http://blog.talosintelligence.com/2017/05/wannacry.html</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/">https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx">https://technet.microsoft.com/en-us/library/security/ms17-010.aspx</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><strong><span style="font-family:"Calibri","sans-serif";color:black">ENDPOINT SECURITY:<o:p></o:p></span></strong></p>
<p class="MsoNormal"><a href="https://www.symantec.com/products/endpoint-hybrid-cloud-security/endpoint/endpoint-protection">https://www.symantec.com/products/endpoint-hybrid-cloud-security/endpoint/endpoint-protection</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.malwarebytes.com/">https://www.malwarebytes.com/</a><o:p></o:p></p>
<p class="MsoNormal"><a href="http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html">http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html</a><o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.paloaltonetworks.com/resources/datasheets/endpoint-protection.html">https://www.paloaltonetworks.com/resources/datasheets/endpoint-protection.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:#1F497D">April Goode MBA SPP<br>
Director of OneNet Strategic Planning and Communications<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:#1F497D"><br>
</span></b><b><span style="color:#1F497D"><img border="0" width="212" height="75" id="Picture_x0020_1" src="cid:image001.png@01D2CD67.C39F0570" alt="OneNetBluBlk_rgb"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:#1F497D"><a href="https://onenet.net/national-weather-center-tour/"><span style="color:blue">Learn how OneNet powers weather prediction at the National Weather Center.</span></a></span></b><u><span style="color:blue"><o:p></o:p></span></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="color:#1F497D">Oklahoma State Regents for Higher Education<br>
655 Research Parkway Suite 200<br>
Oklahoma City, OK 73104<br>
P 405.225.9251<br>
F 405.225.9250<br>
Toll-free 888.5.ONENET<br>
<a href="mailto:april@onenet.net"><span style="color:blue">april@onenet.net</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>