

To: All Staff and Students

From: Information Technology Unit

Date: 15 May, 2017

ITU Notification - Outbreak of WannaCry Ransomware

As you may be aware, an outbreak of ransomware named "WannaCry" began on 12 May 2017 and has been claiming victims globally. A new variant of the “Ransom.CryptXXX” family of ransomware (detected as Ransom.Wannacry) began spreading widely, impacting a large number of organizations.

What is the WannaCry ransomware?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

Figure 1 Ransom demand screen displayed by WannaCry Trojan

It also drops a file named “!Please Read Me!.txt” which contains the ransom note.

Figure 2 Ransom demand note from WannaCry Trojan

WannaCry encrypts files with most common file extensions and appends “.WCRY” to the end of the file name. It propagates to other computers by exploiting a known SMB remote code execution vulnerability in Microsoft Windows computers that do not have the latest Windows Security Updates applied.

What are best practices for protecting against ransomware?

  1. Backing up important data to off-line disk storage is the single most effective way of combating ransomware infection. Attackers gain leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up.
  2. New ransomware variants appear on a regular basis. Always keep your security or anti-virus software up to date to protect yourself against them.
  3. Email is one of the main infection methods. DO NOT OPEN unexpected or suspicious emails, especially if they contain links and/or attachments.
  4. Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.

What should you do if your office computer is infected?

  1. Unplug the network cable from your computer immediately.
  2. Unplug any USB external hard disk or flash drive.
  3. Report the case to the ITU Helpdesk or your unit’s coordinator.

Can you recover the encrypted files?
Decryption is not available at this time, and paying the ransom is not recommended. Encrypted files should be restored from a previous backup.

Microsoft’s Guidance for customers regarding WannaCry (WannaCrypt) attacks

Information provided by Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) on WannaCry

Should you have any enquiries, please contact the user support team or ITU Helpdesk at 3746-0818 / 3746-0819 or by email.

William Lo
Server Administration Team
Information Technology Unit


HelpDesk Contact

HHB Campus
12/F, Room 1201
(Mon-Fri : 8:30am to 5:30pm)
11/F, Student Computer Centre
(Mon-Fri : after 5:30pm;
Sat : Whole day)

WK Campus
5/F, South Tower, Student Computer Centre
3746 0819
