I'm sure that almost every Windows user is using an antivirus or has heard of versions of this type of malware. However, UT sent out a warning today. I figured that was something relatively new for the area.
U.T.'s Chief Information Security Officer sent out a notice to all staff members this afternoon warning about a ransomware threat.
Cryptolocker, when installed, will encrypt files such as Microsoft Office files, PDFs, images, etc. on your computer to make them unusable. The ransomware will demand that you pay $300 to decrypt the files within 72 hours or your files are lost. It is highly recommended not to pay this fee because they will flag you as a vulnerable user and may focus more attacks on you. It can also put your credit card at risk of theft.
Here is a link that further describes the nature of the threat.
Prevention is mentioned if you follow the link. "This malware is contracted by clicking on email attachments or through social engineering methods." We have all read or heard the do not open attachments unless you were expecting them, etc.
How to get rid of it.
Oh yeah... The UT email was sent out because machines at U. Toledo were infected with it.
Good stuff Paul. I just got a notice from Mann Technologies about this. They seem to be on top of things as well.
Thanks Molsonater -- I figured that I better be of some use around here besides the Blade stuff.
I guarantee that UT will be paying the ransom if one of their users infects valuable network shares - that is if their security software didn't already delete the public key. A number of companies have been hit by a user who overrode a security threat warning. Hope your backups are fresh.
nick44: I thought the same thing! Can you imagine! Network shares encrypted and unavailable? Apparently the malware can do that according to the links. I wonder what might have happened at U.T.? hmmmm....
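The worry above is that the encryption reaches network shares silently, since the malware rewrites file contents in place and leaves the names alone. One defender-side way to notice that early is a canary (decoy) file check. The following is an added example, not something from the thread or from U.T.: it plants a few decoy documents in a directory, records their SHA-256 hashes, and reports any canary that has been modified or removed. The canary names, the temporary directory, and the tamper step used to exercise the check are assumptions made for the demo.

```python
"""Canary ("honeyfile") integrity check for a share that ransomware might hit.

Added example, not from the thread. A scheduled job would run check_canaries()
against a saved baseline; any change to a decoy that nobody should ever touch is
a strong signal that something is rewriting files on the share.
"""
import hashlib
import os
import tempfile

# Decoy filenames are an assumption; pick names that sort early in a listing
# and look like ordinary documents so an in-place encryptor reaches them first.
CANARY_NAMES = ["~budget_2013.xlsx", "~contract_draft.docx", "~scan_0001.pdf"]


def sha256_file(path):
    """Hash a file in chunks so large canaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plant_canaries(share_dir):
    """Create the decoy files and return the {path: sha256} baseline to keep."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(share_dir, name)
        with open(path, "wb") as handle:
            handle.write(b"CANARY FILE - do not edit - " + name.encode())
        baseline[path] = sha256_file(path)
    return baseline


def check_canaries(baseline):
    """Return [(path, status)] for every canary that is missing or modified."""
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif sha256_file(path) != expected:
            alerts.append((path, "modified"))
    return alerts


def simulate_tamper(path):
    """Overwrite a canary's bytes; stands in for an in-place rewrite in the demo."""
    with open(path, "wb") as handle:
        handle.write(b"\x00" * 32)


def demo():
    """Plant canaries in a temp dir, tamper with two of them, return the alerts."""
    with tempfile.TemporaryDirectory() as share:
        baseline = plant_canaries(share)
        clean = check_canaries(baseline)        # nothing touched yet -> []
        paths = list(baseline)
        simulate_tamper(paths[0])               # content rewritten in place
        os.remove(paths[1])                     # decoy deleted
        return clean, check_canaries(baseline)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

Because the comparison is on content rather than on filename or timestamp, it also catches encryptors that preserve names and reset modification times. In practice the baseline is stored somewhere the share's users cannot write, and the check runs on a short schedule so that an alert arrives while backups are still intact.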
Paul, I know of several in the last several weeks where something similar has occurred. I just don't understand why some people can't slow down and think before they open an attachment. I am sure you have witnessed those who send and receive emails on a massive scale. Often times their correspondence reads like thoughtless ramblings as they read and fire off obtrusive memos in a frenzied fashion. This is the type that always comes to mind. When your message closes with "Most Sincerly yUors, Dana IT Help desk", you don't question the authenticity?
I got the virus at work and a few months later, at home (last weekend). I was surprised it got past my anti-virus program at work, and at home as well. A pain in the ass to get rid of it. Locks up your computer. Had to research how to get rid of it in safe mode.
"All your base are belong to us"
I swear, ransomware is the worst form of malware. Legit looking popups saying you need to scan for viruses, jacked up Facebook links, shady websites, official looking emails are all ways it can get on to your computer. They are a pain to remove, but at this point having removed it from work, friend, family, and my own computers I've got it down to a science. Same basic steps and programs followed by other cleanup via directions on bleepingcomputer.com or another site.
I saw a copy of the info UT sent out yesterday and my question was: "What took you so long?"
I've been repeatedly warning our staff at work to remain ever vigilant against Cryptolocker for at least two weeks. It is one nasty virus/malware. Pretty much the only solution is a full restore from a backup - after you've wiped your infected drives clean. If you back up to external drives, make sure they don't remain attached to your system or they're likely to be infected as well.
While most, if not all, of the major AV vendors are able to detect Cryptolocker, to my knowledge none of them have been able to defeat the encryption it leaves behind.
Update - My older son is a network engineer. He has heard of a few local companies losing lots of data. One had to abandon their older server and all of its data. So, not only was their server down, but they also had to change software and hardware before they had planned. Anyone in IT will tell you that is very, very bad.
I got hit with this on Saturday...at least something that was made to look like it. Not sure. I was working and my LT got real slow and the light on my webcam turned on--I never use it. I immediately shut down, but was prompted with the threat of losing my data if I didn't pay the ransom when I rebooted.
I was able to login with another profile and do a system restore from a point a few days earlier. So far, so good.
This is very real and very nasty. Not entirely sure where it came from. I have all the latest security updates. I have been getting a ton of spam through Yahoo mail, so I am in the process of dumping that email service.
A bit of advice -
1: DO. NOT. open any executable email attachments ever. If you're not 100% sure what an attachment is or you're not positive why you got it, email the sender and ask them if they intended for you to receive it.
2: Install antivirus software. I personally recommend Avast! antivirus in terms of free antivirus packages. http://www.avast.com/index
3: Maintain backups of your system. I recommend that you don't have any single point of failure for your documents and important information. Use a service such as Carbonite for offsite ("cloud") backups and maybe an external hard drive for weekly backups.
4: If you get hit, DO NOT PAY. You won't get your data back, and you're going to be supporting the criminal efforts of very, very very very smart people.
Good luck out there, kids. :)
(whoops - forgot to do 2a: for extra protection that's worth having, I highly recommend going for the paid version of Avast! http://www.avast.com/premier )
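Step 1 above is the one that stops Cryptolocker before anything else has to work, and it can be enforced in software rather than left to each reader's judgement. The following is an added example, not code from the thread or from any vendor named in it: it parses a constructed email with Python's standard library, lists each attachment, and flags the ones that are executable by extension, that hide an executable extension behind a document-looking name (invoice.pdf.exe), or that carry a Windows PE header regardless of what the filename claims. The extension list and the sample message are assumptions made for the demo.

```python
"""Screen email attachments for executable content before a user sees them.

Added example (not from the thread). screen_message() takes a raw RFC 5322
message and returns, per attachment, the reasons it looks executable; an empty
list means the checks here found nothing. A mail gateway or a helpdesk triage
script would quarantine anything with a non-empty list.
"""
import email
from email import policy
from email.message import EmailMessage

# File types Windows runs directly on double-click; an assumed, non-exhaustive list.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jse",
    ".wsf", ".hta", ".msi", ".cpl", ".lnk",
}


def classify_attachment(filename, payload):
    """Return the list of reasons this attachment looks like an executable."""
    reasons = []
    parts = (filename or "").lower().split(".")
    last_ext = "." + parts[-1] if len(parts) > 1 else ""
    if last_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension")
        if len(parts) > 2:
            # e.g. invoice.pdf.exe: Windows hides the real extension by default
            reasons.append("double extension disguises type")
    if payload[:2] == b"MZ":
        # PE files start with the "MZ" DOS header, whatever the name says
        reasons.append("PE header (MZ) in content")
    return reasons


def screen_message(raw_bytes):
    """Parse a raw message and return {filename: [reasons]} for every attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        findings[filename] = classify_attachment(filename, payload)
    return findings


def build_sample_message():
    """Construct a sample message: one benign PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see attached.")
    # Constructed payloads: a PDF-looking file and two PE-looking files.
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed sample", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00 constructed sample", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample_message()).items():
        print(f"{name}: {'QUARANTINE ' + ', '.join(reasons) if reasons else 'ok'}")
```

The third attachment is the case the extension rule alone misses: a real PE renamed to statement.pdf. Checking the first bytes of the content catches it, which is why a screen should look at both the name and the payload. Archives (a .zip containing the .exe) are not opened here; a production gateway would recurse into them.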
This is an updated CERT alert regarding Cryptolocker. I met another individual whose son's Windows 7 computer is now a wreck.