WannaCry strikes computer network

by Gigi Grigorian | 1/5/18 2:10am

Over winter break, the College was victim to a cyberattack by a strain of WannaCry, a ransomware virus that President Donald Trump’s administration has attributed to North Korea. Students received six email updates throughout the day on Dec. 18.

The virus entered the College’s network through an administrative computer that did not have the updated version of Windows. Luckily, nearly all of the College’s computers contained newer versions of Windows that did not have the exploitable vulnerability. Only about 40 machines lacked the updated version and were susceptible. Soon after, chief information security officer Steven Nyman made the call to shut down the College’s file sharing network until the vulnerable machines were wiped clean.

WannaCry has been involved in ransomware attacks worldwide, with a particular focus on Europe, and impacted the National Health Service in England in May 2017. Ransomware attacks happen when individuals fall victim to a phishing attack. The malware is downloaded to their devices and subsequently encrypts their files. The legitimate owners of the files cannot access them until they pay a financial ransom, usually in Bitcoin. Then, a code is sent to the victims to decrypt the files. Ransomware viruses are especially dangerous to networks of computers because of their ability to travel from one device to another.

“The more files [the virus] encrypt[s] and the more machines they take down, the higher the ransom,” Nyman explained.

After Nyman and his team identified the infected devices and wiped them clean of the virus, the blocks on the file sharing network were released later on the same day.

“We had to take down the network to protect Dartmouth’s greater infrastructure because, when this virus first hit, we did not necessarily know exactly what it was going to do,” he said.

Due to the broad network accessibility required at universities, it is more difficult to secure their networks than it is for other institutions such as a bank or pharmaceutical, said computer science professor David Kotz ’86.

Director of academic and campus technology and associate chief information officer Alan Cattier ’86 acknowledged the same challenge in securing university networks and stressed a balance between having the right precautions and not overburdening a community with safegaurds.

Universities are often targeted for their advanced technological research, private information of students and high profile visibility.

“Universities as a whole generate a huge amount of intellectual property. External actors who are interested in getting a leg up on their competition and on America might find it tempting to steal technology at the very early stages,” said computer science professor V.S. Subrahmanian.

Nyman added that “certain nation-state actors” have attempted to breach the College’s systems.

Protecting personal data is also significant, especially for those under the age of 18. This could include student health information or grades, not to mention links between the College and the medical information of Dartmouth-Hitchcock Medical Center, Subrahmanian said.

In order to keep Dartmouth safe from cyberattacks, Nyman encouraged students to be careful about what they click on and to report any problems if they do click on a phishing link by mistake. Kotz suggested that students should ensure that their softwares stay up to date on their devices.