Security Advisory: CryptoLocker

Summary

You should be aware that a new piece of malware called “CryptoLocker” is infecting Windows computers.

CryptoLocker encrypts the infected computer’s documents. It can also encrypt files on shared network drives, USB sticks and external hard drives. This makes these documents unusable. The malware then displays a webpage, via a popup, demanding money to restore your documents.

It currently spreads via phishing email attachments which have links to malicious or compromised websites.

Why be concerned?

This malicious software will encrypt your files with a unique key that only the hackers have access to. The hackers will ask you to pay a ransom of at least $300 to get your unique key back. After 72 hours, your unique key is destroyed, making it impossible to decrypt your files. Even the NSA can’t decrypt your files, so basically your files are lost forever.

Prevention

The best ways of preventing ransomware are as follows.

  • Be careful when opening attachments in email, especially from people you don’t know or trust. It has been seen in attachments from FedEx and UPS tracking emails. Stay alert and verify before you click.
  • Perform regular computer backups to offline storage. OIT offers cloud-based CrashPlan for Staff/Faculty use. CrashPlan can recover files from before your system got infected.
  • Maintain up-to-date antivirus software. OIT offers free McAfee Anti-Virus.
  • Keep your computer’s operating system up to date.
  • Update all the software on your computer, especially Microsoft Office, Adobe products, Java and browsers.
  • Be careful about which websites you visit.
  • Don’t download and install unfamiliar software.
  • Don’t download files from Torrent sites.

Personally Owned Computer (Non-UAH owned)

What to do if I think my computer is infected.

  • Disconnect your computer from the network immediately.
  • Contact the OIT Help Desk at 256.824.3333.

 

For more information, see the webpages listed below:

https://www.us-cert.gov/ncas/alerts/TA13-309A

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information