Vicious malware appears on campus
CryptoLocker and other ransomware locks you out of your computer files
3:26 p.m., Nov. 7, 2013--University of Delaware Information Technologies (IT) reports that at least one computer on campus has been infected by CryptoLocker, a particularly vicious form of “ransomware,” malware that encrypts your computer’s files so you cannot use them. The software then tries to extort a payment from you in order to receive the decryption key and program.
Ransomware is not new; however, CryptoLocker and some of its variants are particularly difficult to remove from a computer. In fact, given the success CryptoLocker has had infecting Windows computers over the past several weeks, Windows and Macintosh users should both make sure that their computers and files are protected against the increase in ransomware most experts expect.
“Ransomware like CryptoLocker is going to become one of the top threats to computers,” Karl Hassler, associate director, IT Security, said. “It enables cyber criminals to quickly monetize their exploits. There’s a gold rush happening in this area of cyber crime.”
“CryptoLocker has raised the stakes. If you don’t take proper precautions, you may lose information stored on your computer or on a mapped drive and not be able to recover it,” Joe Kempista, director, IT Client Support and Services, said. “The precautions are the same ones IT has given out in the past: back up your files, be wary of strange links and attachments sent by email, and keep all your computer’s software current.”
According to the U.S. Computer Emergency Response Team (CERT Alert TA13-309A) and other experts, the current wave of ransomware is infecting computers in a variety of ways:
- Exploiting vulnerabilities in outdated anti-virus software, unpatched Windows operating systems, and outdated versions of other software such as Java and Adobe Acrobat.
- Sending attachments in email messages.
- Downloading from infected websites: some are scam sites, and some are infected versions of legitimate websites.
The best ways of preventing a ransomware attack are as follows:
- Update your computer’s McAfee anti-virus software. (The version downloadable for members of the UD community is configured to update automatically.)
- Update your computer’s operating system.
- Update all software on your computer, especially Microsoft Office, Adobe products, and Java.
- Be cautious about which email attachments you open.
- Be cautious about which websites you visit.
- Do not download and install unfamiliar software, even if its maker claims it will prevent ransomware.
IT is taking steps to scrub attachments containing ransomware and other malware from University email. “But this kind of attack can only be prevented if individuals take responsibility for the computers they use every day,” Hassler said.
Because malware can take advantage of a newly discovered security vulnerability before software updates are available to patch that vulnerability, it is imperative that you make regular backups, and store them somewhere safe, preferably offline. CryptoLocker can attack files on a drive connected to your computer.
- UD employees should check with their department’s or college’s IT staff about how systems attached to a department’s network are backed up. A department’s shared network drives that are backed up by UD IT should provide the level of backup required for safety.
- If you use a laptop, a UD-owned system not part of a departmental network, or a personally owned system, make sure you have a clean backup of your computer’s files. Instructions for Windows and Macintosh computers are linked below:
Windows instructions (from Microsoft).
Macintosh instructions (from Apple).
It is up to an employee and his or her department whether to a) invest in media to back up a system’s software and operating system or b) plan to reload the software and operating system from original DVDs or downloads if a system is attacked and needs to be rebuilt.
“Without a clean backup stored on a separate drive or series of DVDs, you may not be able to recover information or software affected by a ransomware attack,” Kempista said.
For more information and assistance, contact your departmental or college IT staff, or contact the IT Support Center.