Dear Faculty, Students, and Staff,

Ransomware is malware designed to cripple a computer or block access to its files in order to extort money from the victim. To restore access, the ransomware demands a payment (the ransom, hence the name), which can be anything from a credit card charge to a payment in Bitcoin (an electronic currency).

[Graphic: 3-7-2016-Ransomeware (the sequence of events for an infection)]

The best-known early example of modern ransomware is CryptoLocker (first seen in 2013), and its name is now used generically for this whole class of malware. CryptoLocker encrypts files so that they can no longer be opened. Once they are encrypted there are only two ways to get them back: pay the ransom and hope that the decryption actually works, or restore the files from a backup taken before the malware was installed. Unfortunately, this type of malware encrypts not only the local files on your machine but also any drive it can reach, such as our Network Drives or a Dropbox or Google Drive folder. The consequences are therefore not limited to your own personal files: they can extend to other files on campus and to anything else your system has access to.

The malware is usually delivered as an email attachment, typically a file with an extension such as .zip, .js, .docm, .xlsm or .pptm (scripts, macro-enabled Office documents, or archives containing them). The wording of the email, the From address and the subject line are carefully crafted to look legitimate; the goal is simply to get the victim to open the attachment. Once it is opened, the malware runs and does its damage. The graphic on the right shows the sequence of events for an infection.
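For the technically minded, here is an added example (not part of this notice, and not the filter our email system uses) that applies the attachment pattern above to filenames. It flags the extensions the notice lists plus a few assumed siblings, catches double extensions such as Scan.PDF.js, and looks inside .zip attachments for the same names. The sample attachments, the extension list beyond the notice's own, and the depth and size limits are all assumptions made for the example.

```python
"""Flag e-mail attachment names that match the delivery pattern in the notice.

Added example, not part of the original notice. Checks are by filename only;
a real mail gateway would also inspect content.
"""
from __future__ import annotations

import io
import zipfile

# Extensions the notice itself names (.zip, .js, .docm, .xlsm, .pptm) plus
# assumed siblings: other macro-enabled Office types and Windows script hosts.
RISKY_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr", ".cmd", ".bat",
    ".docm", ".dotm", ".xlsm", ".xlam", ".pptm", ".ppam",
}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_ARCHIVE_DEPTH = 2          # assumption: do not unpack archives nested deeper
MAX_MEMBER_BYTES = 5_000_000   # assumption: skip huge members (zip-bomb guard)


def split_extensions(name: str) -> list[str]:
    """'Scan_0042.PDF.js' -> ['.pdf', '.js'] (case-folded, directories stripped)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:] if part]


def classify_name(name: str) -> list[str]:
    """Reasons a bare filename matches the delivery pattern; empty list if none."""
    exts = split_extensions(name)
    reasons: list[str] = []
    if not exts:
        return reasons
    last = exts[-1]  # Windows opens a file according to its LAST extension
    if last in RISKY_EXTENSIONS:
        reasons.append(f"{name}: script, executable or macro-enabled type {last}")
        if len(exts) > 1:
            reasons.append(f"{name}: double extension disguises {last} as {exts[-2]}")
    return reasons


def classify_attachment(name: str, data: bytes = b"", depth: int = 0) -> list[str]:
    """Check the filename and, for .zip attachments, the names of the members."""
    reasons = classify_name(name)
    exts = split_extensions(name)
    if not exts or exts[-1] not in ARCHIVE_EXTENSIONS or depth >= MAX_ARCHIVE_DEPTH:
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member_exts = split_extensions(info.filename)
                nested = bool(member_exts) and member_exts[-1] in ARCHIVE_EXTENSIONS
                # Only nested archives need their bytes; everything else is judged by name.
                member_data = zf.read(info) if nested and info.file_size <= MAX_MEMBER_BYTES else b""
                for reason in classify_attachment(info.filename, member_data, depth + 1):
                    reasons.append(f"{name} -> {reason}")
    except zipfile.BadZipFile:
        reasons.append(f"{name}: .zip attachment is not a valid archive")
    return reasons


def triage(attachments: list[tuple[str, bytes]]) -> dict[str, list[str]]:
    """Map each flagged attachment name to the reasons it was flagged."""
    flagged: dict[str, list[str]] = {}
    for name, data in attachments:
        reasons = classify_attachment(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed sample: an in-memory archive standing in for a mailed .zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


# Constructed sample attachments; the payloads are harmless placeholders.
SAMPLE_ATTACHMENTS: list[tuple[str, bytes]] = [
    ("Meeting_agenda.pdf", b"%PDF-1.4 placeholder"),
    ("Invoice_0317.docm", b"placeholder"),
    ("Scan_0042.PDF.js", b"// placeholder"),
    ("Invoice_0317.zip", build_sample_zip("Invoice_0317.js", b"// placeholder")),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ATTACHMENTS).items():
        print(name)
        for reason in reasons:
            print("   ", reason)
```

The script judges a file by its last extension because that is what Windows uses to decide how to open it; the .PDF in Scan_0042.PDF.js is only there to fool the reader. Against the constructed samples it leaves Meeting_agenda.pdf alone and flags the other three, including the .js hidden inside the .zip.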

Given the direct financial payback to the perpetrators, this form of malware has increased dramatically, and we are seeing a rise in malicious attachments sent to our users. Our email system catches many of these, but it cannot catch all of them and some get through. Please be very careful when opening attachments you receive by email: opening a malicious one can have very unpleasant consequences.

Mac users have often assumed they are exempt from ransomware because it has usually targeted Windows or mobile platforms. However, ransomware that directly targets Macs has now been seen, so Mac users should be cautious as well.


Ways to protect yourself:

– Don't open attachments if you're unsure of their legitimacy. If in doubt, contact the IT Service Desk (helpcenter@qatar.cmu.edu).

– Make regular backups of all your data, and do not leave the backup drive attached to your machine: if your machine becomes infected, a connected backup can be encrypted along with everything else.

– Store your data on the Network Drives (they are backed up by IT). If those files are hit by encrypting malware, we can restore versions from before the infection.

– Make sure you have antivirus installed on your personal systems (IT-maintained systems have it installed by default). It protects you from files that are already known to be malware, although not necessarily from a brand-new variant.


If you suspect that you have malware on your machine, power it off immediately (this stops the encryption from reaching further files and drives) and contact the Helpcenter at helpcenter@qatar.cmu.edu or 4454-8440.


Additional Reading:

[1] http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

[2] http://arstechnica.com/security/2016/02/locky-crypto-ransomware-rides-in-on-malicious-word-document-macro/


Jerome Marella | Director, Core Infrastructure and Services

Ransomware: a new kind of malware