- October 25, 2013
- 3:59 pm
- Steve Christensen
ITS alert – CryptoLocker virus
A new virus has been spreading throughout the Internet through various means: malicious e-mails, infected webpages, and infected file downloads. The damage from the virus can be quite extensive as you can lose access to every file on your hard drive unless you pay for the key to decrypt your files.
What Is It?
The virus, known as “CryptoLocker,” is distributed as either an attachment or a deceptive link in an e-mail or on a web site. This type of virus is called “ransomware”: malware that restricts access to the computer system it infects and demands that a ransom be paid to the creator of the malware before the restriction is removed. Some forms of “ransomware” encrypt files on the system’s hard drive, while others may simply lock the system and display messages intended to coax the user into paying.
What Does This Mean for Me?
Everyone must be wary of any unsolicited e-mail that contains any sort of link or attachment, especially a ZIP file. In most cases, the ZIP file contains an executable (exe) file that infects the machine. If you see the pop-up window requesting payment, indicating that you have been infected, your files are already encrypted. You should contact the ITS help desk immediately. This can happen anywhere, on your Loyola computer or your home computer.
How Much Data Is Affected?
After the virus executes, it attempts to encrypt data on any local or network storage drive that the user can access, targeting files matching a list of file extensions and covering file types such as images, documents, spreadsheets, and more. If you are logged into the network when the virus executes, it will encrypt all network drives, including any departmental drive that you can access.
How Do I Know I’m Infected?
A message will appear on your screen. CryptoLocker demands a payment with either a MoneyPak card or Bitcoin to recover the key and begin decrypting files, and it threatens to delete the key if a payment is not received within three days. Because of the encryption method that CryptoLocker uses, it is nearly impossible to recover the encrypted files.
How Do I Prevent This?
- NEVER open an e-mail or attachment from someone that you do not know or trust.
- Do not open files that you have not downloaded.
- Do not download or open files from third-party websites. Always try to go straight to the developer’s website.
- BACK UP YOUR DATA! Back up your data at least once a day and make sure that your backup device is unplugged from your computer after your backup finishes. If you happen to be a victim of the CryptoLocker virus, your backup drive will be safe as long as it is not connected to your computer.
If you believe you are infected with any virus, please contact the ITS help desk at 773.508.4487. More detailed information on the CryptoLocker virus can be found on the Information Security Blog at blogs.LUC.edu/uiso.
James Pardonek, CISSP, CEH
Information Security Officer