Information Technology Services


Ransomware Variant CryptoLocker


Phishing ALERT - CryptoLocker Ransomware Threat

Email users around the world have been targeted with email attacks that infect Windows computers with a "ransomware" virus called CryptoLocker. This article explains what CryptoLocker does and how to protect against it.

 

What does this virus do?

When this virus infects a system, it immediately encrypts the user's data and possibly the data on any external drives (such as USB/thumb drives) or network share drives to which the machine is currently connected. Once the data has been encrypted, the virus prompts the user to pay money by a specified deadline to decrypt the data. If there is no response before the deadline, the key needed to decrypt the files on that machine is destroyed. Once the files are encrypted, there is no alternative EXCEPT to recover the data from an offline or cloud-based backup.

 

Will your Antivirus program protect you?

At this time, both Symantec and other major antivirus vendors have updated their signatures to detect this virus and prevent infection. However, they do NOT have a way to decrypt the files once they have been encrypted. It is critical that you keep your antivirus active and updated daily.

 

What can you do to protect your computer and your data?

Do NOT open attachments from people you are not expecting to get attachments from. This includes emails from printers saying they have sent you a scanned document, or from shipping companies stating there is a customer support issue.

Continue to keep your antivirus signatures updated.

Importantly, the only sure way to beat this virus and others like it is to make regular backups of your data and store them offline.  Most regular backups will not offer sufficient protection -- this virus will also encrypt your backup if it's physically connected to your computer!  There are two defenses against this attack:

1.  Cloud-Based Backup:  These programs will back up your data to a server on the Internet.

 

·      CrashPlan:  http://www.crashplan.com

·      Mozy:  http://www.mozy.com

·      Carbonite:  http://www.carbonite.com

 

2.  Off-line Backup:  Copy your files to a USB drive or external hard drive, then DISCONNECT the backup from your computer.  If your computer becomes infected while your backup is connected, the backup will also be affected and will become unusable!

 

Where Can I Go To Learn More?

The Department of Homeland Security maintains a website with information about this virus:

https://www.us-cert.gov/ncas/alerts/TA13-309A

 

Scientific American has an excellent article discussing this threat:

http://www.scientificamerican.com/article.cfm?id=ransom-malware


You can review samples of ransomware emails and popup messages here:

https://www.google.com/search?q=Ransomware+images&client=firefox-a&hs=oO4&rls=org.mozilla:en-US:official&tbm=isch&tbo=u&source=univ&sa=X&ei=GbuCUrDVGYPDigK5joHwDw&ved=0CDoQsAQ&biw=1536&bih=858

 

What should I do if I get infected?

• Immediately turn off your computer.

• Do not attempt to move files or circumvent the problem.

• Immediately contact the ITS Help Desk at ext. 7900 or help@sandiego.edu