New malicious software

SAS Computing and ISC’s Information Security Office are monitoring a massive ransomware attack that appears to have infected many organizations around the world. The WannaCry ransomware (also called WCrypt or WCry) spreads rapidly on an organization’s network, targeting unpatched Microsoft operating systems. Once infected, files on a Windows computer are encrypted and a ransomware popup window appears demanding the user pay approximately $300 in Bitcoin to unlock (decrypt) the files. The computers that are most vulnerable to this attack are Windows computers that have not been patched recently.

Most SAS computers are patched and managed by SAS computing, and their patches should be up to date as patching status is monitored on an ongoing basis by SAS Computing staff.

For computers you manage yourself or for your home computers, it is very important that you take the following steps to protect your data as soon as possible:

  1. Ensure you have a current backup of your files. Back up the files stored on your computer to an external hard drive (or even a thumb drive) and disconnect the external hard drive afterwards.
  2. Patch (ie update) your Windows operating system by running the latest Microsoft updates. For information on how to do so see the following:
  3. Avoid clicking on unexpected links or opening attachments from people you don’t know or companies you don’t do business with.

You may also want to reach out to your LSP on Monday and ask about how SAS Computing can automatically patch your SAS computer for you and help ensure you have a means of backing up your data.

If your computer becomes infected:

  1. Immediately disconnect your computer from the network (unplug the network cable and/or disable wifi)
  2. Contact your Local Support Provider (LSP):

Information about this latest attack can be found here:

For more information about ransomware in general, please see: