<div dir="ltr"><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">A ransomware campaign is currently spreading globally.  Please review the US-CERT advisory and alert users on the increase in cyber threats.  </p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">Recommendations:</p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">-Close ports <em style="font-family:arial,sans-serif;font-size:small;color:rgb(34,34,34)"><b><span style="font-size:11pt;font-family:calibri,sans-serif;color:black">22, 23, 3389, TCP 139 & 145/UDP 137 & 138</span></b></em></p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">-Verify Microsoft patch is applied <em style="font-family:arial,sans-serif;font-size:small;color:rgb(34,34,34)"><b><span style="font-size:11pt;font-family:calibri,sans-serif;color:black">(</span></b></em><span style="font-size:12pt;font-family:"times new roman",serif;color:rgb(33,33,33)"><em><b><span style="font-size:11pt;font-family:calibri,sans-serif;color:blue"><a href="https://technet.microsoft.com/library/security/MS17-010" target="_blank">MS17-010</a>).</span></b></em></span></p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">-Have good/tested data backups (preferably not connected to the network).</p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">Thanks,</p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">CK</p><p class="MsoNormal"><b><span style="font-size:8pt;color:rgb(23,54,93)">Chris Kosciuk</span></b></p><p class="MsoNormal"><b><span style="font-size:8pt;color:rgb(23,54,93)">Information Security</span></b></p><p class="MsoNormal"><span style="font-size:8pt;color:rgb(31,73,125)">Oklahoma State Regents for Higher Education / OneNet <br>655 Research Parkway</span><span style="font-size:8pt"></span></p><p class="MsoNormal"><span style="font-size:8pt;color:rgb(31,73,125)">Suite 200</span></p><p class="MsoNormal"><span style="font-size:8pt;color:rgb(31,73,125)">Oklahoma City, OK  73104</span><span style="font-size:8pt;color:rgb(31,73,125)"><br></span><span style="font-size:8pt;color:rgb(31,73,125)"><a href="tel:(405)%20225-9440" value="+14052259440" target="_blank">405 225.9440</a> office</span></p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)"></p><p class="MsoNormal"><u><span style="font-size:8pt"><a href="mailto:ckosciuk@osrhe.edu" target="_blank">ckosciuk@osrhe.edu</a></span></u></p><p style="font-size:13px;margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">>>>>>>>>>>>>>>>>>>>>>>>>>>></p><div><p style="margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;font-size:13px;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. <a href="https://www.us-cert.gov/security-publications/Ransomware" target="_blank" style="color:rgb(0,94,189);margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Ransomware</a> is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.</p><p style="margin:5px 0px;padding:5px 0px;border:0px;outline:0px;vertical-align:baseline;font-variant-numeric:inherit;font-stretch:inherit;font-size:13px;line-height:inherit;font-family:arial,helvetica,tahoma,sans-serif;color:rgb(51,51,51)">Ransomware spreads easily when it encounters unpatched or outdated software. The WannaCry ransomware may be exploiting a vulnerability in Server Message Block 1.0 (SMBv1). For information on how to mitigate this vulnerability, review the US-CERT article on <a href="https://www.us-cert.gov/ncas/current-activity/2017/03/16/Microsoft-SMBv1-Vulnerability" target="_blank" style="color:rgb(0,94,189);margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Microsoft SMBv1 Vulnerability</a> and the Microsoft Security Bulletin <a href="https://technet.microsoft.com/library/security/MS17-010" target="_blank" style="color:rgb(0,94,189);margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">MS17-010</a>. Users and administrators are encouraged to review the US-CERT Alert <a href="https://www.us-cert.gov/ncas/alerts/TA16-091A" target="_blank" style="color:rgb(0,94,189);margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">TA16-091A</a> to learn how to best protect against ransomware. Please report any ransomware incidents to the <a href="https://www.ic3.gov/default.aspx" target="_blank" style="color:rgb(0,94,189);margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Internet Crime Complaint Center (IC3)</a>.</p></div><div><br></div><div><a href="https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported" target="_blank">https://www.us-cert.gov/ncas/<wbr>current-activity/2017/05/12/<wbr>Multiple-Ransomware-<wbr>Infections-Reported</a><br></div><div><br></div><div><br></div></div>