Written byCassandra Stephenson and Ryan Johnston
At least five U.S. colleges have been affected by the global ransomware virus known as “WannaCry,” CyberScoop has learned.
The Massachusetts Institute of Technology, Trinity College, the University of Washington, North Dakota State University and the University of Maine confirmed Tuesday that computers connected to their networks were infected by the virus.
“We had a handful of computers that were compromised but it didn’t spread,” University of Washington News Office Director Victor Balta told CyberScoop. “Normal operations were not affected in any way, but obviously we’re paying attention to this.”
The five schools are among the first known cases of U.S.-based educational institutions becoming victims of the WannaCry ransomware campaign. CyberScoop obtained a list of IP addresses with WannaCry infections that included more than a dozen machines at U.S. higher education institutions. Not all of the schools responded to requests for comment.
MIT reported that approximately 100 computers were affected by the attack and stated that the school’s IS&T department is working with members of the university community to secure devices across the 50,000 device network.
Trinity College spokesman Andrew Concatelli said “fewer than 20 computers” were affected.
Officials speaking on behalf of the University of Maine at Orono stated that they had not seen “anything widespread on an institutional level” regarding the ransomware, though they declined further comment.
North Dakota State officials confirmed an infection had occurred but declined further comment.
WannaCry also infected systems in Cook County, Illinois, representing the first known infection of a local government office, sister publication StateScoop reported Monday.
The ransomware exploits a vulnerability in older versions of Microsoft Windows by using malicious computer code thought to once belong to the NSA. The worm is able to infect entire computer networks running unpatched versions of Windows without manual transmission, making it especially threatening to large institutions.
Working through a remote command execution vulnerability, WannaCry encrypts and locks files and extorts the user for a payment in bitcoin in exchange for regaining access. Since the initial release of WannaCry on Friday, over 300,000 computers have been infected worldwide, with the most damaging impact witnessed in Europe.
Chris Bing contributed to this report.