Lessons Learned from the WCry Ransomware Attack

The following post is by guest blogger and Cengage author Dr. Mark Ciampa.

Over the past few days a malicious attack has shut down computers around the world. However, the quick actions by a security researcher prevented it from becoming a major catastrophe.

This global attack distributed one of the fastest-growing types of malware known as ransomware. Ransomware prevents a user’s device from properly and fully functioning until a fee is paid. The ransomware embeds itself onto the computer in such a way that it cannot be bypassed, and even rebooting causes the ransomware to launch again.

Ransomware continues to be a serious threat to users. One recent report estimated that $1 billion was paid in ransom in one year, yet only 42 percent of those who paid the ransom could then retrieve their data. Enterprises are also prime targets. A recent survey revealed that almost half of all enterprises have been a victim of a ransomware attack. Several recent well-publicized ransomware attacks demanding higher ransoms were against:

  • Hollywood Presbyterian Medical Center ($17,000)
  • Los Angeles Valley College ($28,000)
  • San Francisco’s Municipal Transportation Agency ($73,000).

Crypto-Malware

An ever more malicious form of ransomware has recently appeared. Instead of just blocking the user from accessing the computer, this ransomware encrypts all the files on the device so that none of them can be opened. This is called crypto-malware. A screen appears telling the victim that his files are now encrypted and a fee must be paid in order to receive a key to unlock them. In addition, threat actors increased the urgency for payment: the cost for the key to unlock the crypto-malware increases every few hours, or a number of the encrypted user files are deleted every few hours, with the number continually increasing. And if the ransom is not paid promptly (often within 36 to 96 hours) the key can never be retrieved.

On Friday (May 12, 2017) a new strain of crypto-malware ransomware suddenly appeared around the world, locking up computers at banks, hospitals, telecommunications services, and transportation agencies, as well as users’ personal computers. The malware, known as Wanna, Wannacry, or Wcry, initially infected at least 75,000 computers in at least 74 countries. Russia was the victim of the highest number of attacks by a wide margin, followed by Ukraine, India, and Taiwan. Ransomware infections also spread through the United States. The Wcry ransom is $300 and users had 3 days to pay before it doubled to $600. If they did not pay in one week then the ransomware threatened to delete the files altogether.

EternalBlue

There were two elements that made this attack unique. First, the ransomware was written with ransom demands in over two dozen languages, so it clearly was intended to be a global attack. Second, the ransomware exploited a vulnerability called “EternalBlue”, first uncovered by the National Security Agency (NSA), which was using it as part of its own arsenal in attacking and spying on other nations. This EternalBlue code was stolen from the NSA and leaked to the world last month by a group calling itself Shadow Brokers. The Wcry ransomware copied virtually verbatim large sections of EternalBlue.

In the initial hours of the attack widespread concern quickly grew that this would cripple computers around the world and become a major cybersecurity attack. However, just as quickly as it started it suddenly died down. What happened?

How Was This Attack Taken Down?

A British security researcher who was following the initial attack received a sample of the malware code and quickly analyzed it. He saw that the malware contacted an attacker’s command and control (C&C) server that was based on an unregistered domain. As part of the normal protocol of security researchers who try to limit attacks, he promptly registered the domain so that now he controlled it and not the attackers. As it turned out, this was a major stroke of luck. The attackers who wrote the code included an instruction intended to keep the malware from being analyzed. Wcry ransomware attempted to connect to the specific domain used by the attackers: if the connection is NOT successful the ransomware leaps into action and locks up the computer, but if it IS successful the malware exits. By registering the domain and taking control of it this British security researcher saved the day: all instances of Wcry did connect to the domain (after it was registered) and thus did nothing.

This significantly crippled WCry. As of the first of this week (May 15, 2017) only 263 payments have been made to the three Bitcoin wallets linked to the code in the malware, earning the attackers only $71,000. This is a far cry from what could have happened.
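For defenders, the kill-switch check described above leaves a trace in DNS resolver logs. The following is an added example, not part of the original post: it triages a constructed log, and the log format, the placeholder domain (the post does not name the real one), and the verdict labels are all assumptions.

```python
import re
from collections import defaultdict

# Placeholder: the post does not name the kill-switch domain. Substitute the
# value from your own threat-intelligence source.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed sample in a hypothetical resolver-log format.
SAMPLE_LOG = """\
2017-05-12T09:14:02Z client=10.0.4.17 query=killswitch.example.invalid rcode=NXDOMAIN answer=-
2017-05-12T15:40:11Z client=10.0.4.22 query=killswitch.example.invalid rcode=NOERROR answer=192.0.2.10
2017-05-12T15:41:30Z client=10.0.7.5 query=www.example.com rcode=NOERROR answer=198.51.100.7
2017-05-13T08:02:45Z client=10.0.9.3 query=KillSwitch.Example.Invalid. rcode=REFUSED answer=-
2017-05-13T08:05:00Z client=10.0.4.17 query=killswitch.example.invalid rcode=NOERROR answer=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) "
    r"rcode=(?P<rcode>\S+) answer=(?P<answer>\S+)$"
)


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a verdict.

    Every client returned here ran the malware and needs isolation and
    patching. The verdict only orders the response:
      encrypt-risk      - at least one lookup failed, so by the logic in the
                          post that run did not exit and likely encrypted.
      dormant-candidate - every lookup resolved. Resolution is only a
                          precondition: the connection itself can still be
                          blocked by egress filtering.
    """
    lookups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalize(m["qname"]) != normalize(domain):
            continue
        resolved = m["rcode"] == "NOERROR" and m["answer"] != "-"
        lookups[m["client"]].append(resolved)
    return {
        client: "dormant-candidate" if all(results) else "encrypt-risk"
        for client, results in lookups.items()
    }


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

Blocking or sinkholing the domain to a non-answering address at the resolver would push every host into the `encrypt-risk` path, so the lookup should be allowed to resolve while infected hosts are being cleaned.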

So what are the lessons learned?

As with many attacks, WCry’s initial success was based on an oft-repeated user mistake: not keeping their computers patched. The vulnerability in Windows that was exploited by WCry (Apple computers are not impacted) was actually patched back on March 14. Had users patched their computers, Wcry could not have spread as it did. Microsoft also took the unprecedented step of creating a patch for the Windows 8, Windows XP, and Windows Server 2003 operating systems, even though those software versions are no longer supported.

Apply the Patch Now

It appears that there are some variations of WCry still circulating without the “kill switch,” so vigilance is still the word. If you have a Windows 10 computer you can apply the patch here, and if you have an older Windows version you can apply the patch here.

To read the technical details of the attack you can go here.

To read about the attack from information written by the British researcher go to the Ars Technica site here.

Stay secure!

Dr. Mark Ciampa is an Associate Professor of Information Systems in the Gordon Ford College of Business at Western Kentucky University in Bowling Green, Kentucky.  Prior to this he was an Associate Professor and served as the Director of Academic Computing at Volunteer State Community College in Gallatin, Tennessee for 20 years. Mark has worked in the IT industry as a computer consultant for the U.S. Postal Service, the Tennessee Municipal Technical Advisory Service, and the University of Tennessee.  He has published 17 articles in peer-reviewed journals and is also the author of over 23 technology textbooks, including Security+ Guide to Network Security Fundamentals 5ed, CWNA Guide to Wireless LANs 2ed, Guide to Wireless Communications, Security Awareness: Applying Practical Security In Your World 5ed, and Networking BASICS. Dr. Ciampa holds a PhD in technology management with a specialization in digital communication systems from Indiana State University and also has certifications in Security+ and HIT.

 

Microsoft Announces New Teams, Minecraft, and Surface Laptop

Microsoft CEO Satya Nadella opened the company’s Education-focused event today by asking, “How can technology create opportunity for all?”

Believing that technology should help, not hinder, a teacher’s work in the classroom, Microsoft is releasing Windows 10 S this summer in time for the new school year.

Microsoft said that the students entering school today are the first generation who speak technology as their first language and learn primarily by collaborating. An estimated 65% of students in school today will have jobs that do not yet exist – STEM curriculum will set these students up for success in the future.

This new version of Windows will feature more security and faster load times, it’s streamlined for consistency, and provides superior performance.

Changes designed specifically for education are coming to Teams too, including classroom chats (with emojis and gifs – FINALLY! I’ve been waiting!!! Outlook, where you at?), assignment submissions and more. Teachers will have special moderating and facilitating controls for “teachable moments”.

Windows 10 S will come with a free subscription to Minecraft Education Edition, free Windows 10 S for all schools on current Windows Pro PCs, and free Microsoft Office 365 for Education with Microsoft Teams.

Microsoft believes in Learning by Doing. Minecraft has over 100 million players worldwide. Microsoft gave an example of using Minecraft in the classroom from a teacher in the UK, who asked his students to create a livable habitat on Mars. Using math to manage their resources and figuring out how to grow food, students learned to code and used critical thinking skills to complete the project.

Microsoft also released their new Surface Laptop (with Windows 10 S), touting that this is the laptop that will last a student throughout their entire education. The product looks super sleek and nice, and I’d like one for myself. I’m not a techy person, but Microsoft said that in designing this product, they wanted it to be more personal, and not design just another piece of equipment, and honestly, I got that sense from this Laptop.

Did anyone else watch the livestream this morning? What do you think of Microsoft announcements? Will Windows 10 S have an impact on the use of iPads and Google?

 

Office 2013 No Longer Available for Installation for Office 365 Subscribers

As of February 28, 2017, Office 365 subscribers can no longer download or install Office 2013 from the Office 365 My Account web portal, Microsoft released on their Support blog last week.

Customer support and troubleshooting came to an end, too, for the following products:

  • Office 365 ProPlus (2013)
  • Office 365 Small Business Premium (2013)
  • Office 365 Business (2013)
  • Project for Office 365 (2013)
  • Visio Pro for Office 365 (2013)

Looking for more information on Office 2016 before you upgrade? Check out our guide, and let us know if you find it helpful!

Microsoft Delays February Patch Release

Microsoft announced today that they are postponing their February 2017 security update for Windows and other products, which was slated to release today.

The Microsoft Security Response Center (MSRC) posted the following to their blog this afternoon:

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

So far, there’s no word on when the updates will release. We will continue to keep you posted here on the blog, and on Twitter and Facebook!

Is Windows 7 Dangerous to Use?

Microsoft is warning Windows 7 users that the platform contains security deficiencies and hardware restrictions that essentially make it more susceptible to cyber-attacks.

“Today, [Windows 7] does not meet the requirements of modern technology, nor the high security requirements of IT departments,” says Markus Nitschke, Head of Windows at Microsoft Germany.

Microsoft says that continuing use of Windows 7 will result in reliability and compatibility problems that will lead to “higher operating costs.”


A lot of contributors to the tech blogosphere are calling this a “scaremongering” tactic by Microsoft to “drive more users to Windows 10,” given the recent announcement that Microsoft will end support for the aging operating system in January 2020.

I think that Windows 10 is a great upgrade. I think users will organically switch over, after the initial hesitation and potential risks for compatibility issues have subsided.

What version of Windows does your institution use? If you haven’t already, when will you make the upgrade to Windows 10?

Does Academia Know What Technology Employers are Looking For?

It started two years ago. I stopped using my laptop or tablet at home, and only used my phone to Google, shop, scroll through Instagram, or check email as I’d wind down at night. Now, I still use my phone, but I mostly rely on Siri to do my Googling for me.

Now, with Google Assistant, Cortana, and Alexa, the talk-to-tech trend is taking off – it’s easier and faster than finding your phone, unlocking it, opening an App, or tapping any keys.

Now that Amazon allows programmers to connect existing services to Alexa, the cloud-based voice service that powers the Echo, every-day programmers can build entirely new voice-powered experiences, called Skills, with “just a few lines of code,” for free. Voila! Alexa now opens and uses Apps for us!

Alexa is taking over home appliances, too.  Appliance makers LG, Whirlpool, GE, and Samsung introduced products, like a vacuum, that starts by issuing a command to an Echo. LG’s forthcoming Smart InstaView Door-in-Door refrigerator will connect to Alexa, so users can ask her to pull up recipes on a touchscreen, or order food.

It’s still the early days with voice command services, but what does this mean for education? I think it means Computer Science & Programming education is more important than ever. STEM job growth will surpass all other jobs at 18.7% between 2010 and 2020, leading to 1.1 million computing jobs by 2024.

Does the academic community know what technology employers are looking for? Last week’s post discussed the relevancy of the computer lab in today’s schools – Cengage author Mark Frydenberg shared his Sandbox mission – should more schools get onboard?

Are Computer Labs Necessary in Today’s Schools?

Are computer labs necessary in today’s schools?

According to Cengage author Mark Frydenberg, the answer is yes, but not in the traditional way.

As BizEd Magazine reports, in 2017, “students have their own laptops, so they no longer need a place to connect to the internet or write papers. Instead they need spaces where they can experiment with new technologies.”

That’s why, in 2011, Frydenberg spearheaded the development of Bentley University’s Learning & Technology Sandbox, also known as “CIS Sandbox,” for the computer information systems department.

He tells BizEd, “When I was asked to take over the lab in 2010, I was reluctant because it wasn’t a place where I wanted to spend my time. But then I started thinking about what the future of computer learning could be.”

The Sandbox replaced the old computer lab, a traditional space with 40 computer stations, gray carpeting, gray furniture, and no windows, as described by BizEd. With the help of University funding, the space underwent a complete renovation, “replacing the computer stations with six U-shaped tables with monitors for group work, wall-mounted display monitors, and soft chairs for lounging.”

How is the CIS Sandbox used? Frydenberg says it provides IT tutoring, exposes students to new tech, and hosts speakers, workshops and other programming, and gives students a place to study and socialize.

It’s popular, too. The article notes that more than 3,000 students spend time at the Sandbox each semester, and the admissions office, who once said “every school has a computer lab, so no one’s going to come to Bentley because of that space,” has now put the Sandbox on the tour for prospective students.

“Our mission at the Sandbox is to create a space where students can explore technology in a social way,” Frydenberg tells BizEd. “Giving them the ability to play with the next up-and-coming technological tools or program an app—it’s a pretty powerful thing.”

Tell us what you think – Is a Sandbox the computer lab of the future?

Leaked Preview Hints at Option to Pause Windows Updates

If you’re using the Home edition of Windows 10, you know that you cannot defer the automatic system updates. However, according to leaked preview builds of Windows 10, Microsoft will soon release a new option to pause updates for up to 35 days.

The Professional, Enterprise, and Education editions of Windows 10 already allow users to defer updates, delaying upgrades for 30 to 180 days, depending on whether it’s a feature update, or a quality update.

Microsoft faced criticism over their handling of Windows 10 in 2016, with some accusing the company of “tricking” Windows 7 & 8 users to upgrade.  Microsoft CMO Chris Capossela owned up to this during the Windows Weekly Podcast, admitting to aggressively pushing users to upgrade to Windows 10.

What do you think of Windows 10 updates? So far, so good? Or are there other unresolved issues you think Microsoft should address?

MindTap Integrates Live Virtual Machine Labs for IT Students

Further preparing students to succeed in the high-demand field of computer and information technology (IT), Cengage and Practice Labs, a London-based edtech company, announced the integration of live virtual machine labs into MindTap last week!

Employment in the computer and IT space is projected to grow 12 percent from 2014 to 2024 – faster than the average for all occupations. With Practice Labs integrated directly into MindTap, students are able to work with live servers and networking hardware from their web browser without leaving the MindTap platform, giving them the hands-on practice needed to develop and master skills that are immediately transferable to the workforce.

“Students love that they are working in a live environment with real servers and networks that they can explore, fail, try again until they succeed. Instructors love that the labs are already built and tested – and that they map to the certification objectives, the Cengage text, and their curriculum,” said Ricky Doyle, CEO of Practice Labs.

To learn more about Practice Labs, and to see which MindTap courses have live virtual machine labs integrated into the Learning Path, click here.

Microsoft’s LinkedIn Acquisition to Close Soon

Microsoft announced today that they have received all necessary clearance for their acquisition of LinkedIn, and that the deal is set to close “in the coming days.”

The European Commission was the last to approve the $26.2 billion buyout, after the US, Canada, Brazil and South Africa.

Microsoft said they had the opportunity to review the acquisition with government officials and regulators in “considerable detail,” thus formalizing several commitments regarding Microsoft’s support for third-party professional social networking services.

Why does Microsoft want LinkedIn? LinkedIn is a key tool for professionals. With 433 million members, it’s safe to say that most adults in the US use LinkedIn for finding jobs, and general networking. That said, it’s important to note that Microsoft has more than 1 billion Office users, but has no social graph, or representation of the interconnection of relationships in an online social network, of its own and until now, has had to rely on LinkedIn or Facebook to provide that connection.

In an internal memo, Microsoft CEO Satya Nadella explains, “This combination will make it possible for new experiences such as a LinkedIn newsfeed that serves up articles based on the project you are working on and Office suggesting an expert to connect with via LinkedIn to help with a task you’re trying to complete. As these experiences get more intelligent and delightful, the LinkedIn and Office 365 engagement will grow. And in turn, new opportunities will be created for monetization through individual and organization subscriptions and targeted advertising.”  

Read more about Microsoft’s LinkedIn acquisition here.