SPAM Email Contains Ransomware

Posted on: April 7th, 2016 by Jim Pardonek

Early this morning, Loyola email users may have noticed an email in their inbox that appears to come from a legitimate source. It contains a Word document with an embedded program that attempts to install ransomware named “Locky”. The email looks to be from: ebilling@angelsprings.com and has the subject line: “Your Latest Documents from Angel Springs Ltd [STA054C]”.

What is it?

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying.

What Does This Mean for Me?

Network protections were put in place on Thursday morning for computers that are connected to the LUC network using software that looks for, and blocks, the exploit.  It should be noted that individuals with laptops are not protected if they take them off campus. We will continue to monitor any potential exploits.

How is ITS Responding?

ITS is recommending that users who receive this email delete the message and empty their deleted items folder. The virus executes when the attached Word document is opened and macros are enabled when prompted, so opening the email alone will not cause you to be infected.
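For mail administrators, the following is an added example (not ITS's own tooling) of triaging a saved message against the sender and subject quoted in this notice and flagging Word attachments that can carry macros. The function names, the subject-prefix match and the sample message are assumptions made for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators quoted in the notice above.
SENDER = "ebilling@angelsprings.com"
# Assumption: the bracketed reference at the end of the subject may vary.
SUBJECT_PREFIX = "Your Latest Documents from Angel Springs Ltd"
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc container signature

def may_carry_macros(data: bytes) -> bool:
    """True for legacy OLE2 files (macro-capable) or OOXML files with a VBA project."""
    if data.startswith(OLE2_MAGIC):
        return True
    if data.startswith(b"PK"):  # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message; report indicator match and risky attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = str(msg.get("Subject", ""))
    risky = [p.get_filename() for p in msg.iter_attachments()
             if may_carry_macros(p.get_payload(decode=True) or b"")]
    return {"matches_notice": sender == SENDER or subject.startswith(SUBJECT_PREFIX),
            "macro_capable_attachments": risky}

def build_sample() -> bytes:
    """Constructed test message: inert bytes with only the OLE2 header, no real document."""
    m = EmailMessage()
    m["From"] = "Angel Springs <ebilling@angelsprings.com>"
    m["To"] = "user@example.edu"
    m["Subject"] = "Your Latest Documents from Angel Springs Ltd [STA054C]"
    m.set_content("Please find your documents attached.")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 64, maintype="application",
                     subtype="msword", filename="sample.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A legacy .doc file is flagged as macro-capable whether or not it actually contains a macro, so a hit is a reason to quarantine and inspect, not proof of infection.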

How Do I Help Prevent This?

Prevention, in this case, is significantly better than cure:

  • Avoid opening attachments you weren’t expecting, or from people you don’t know well.
  • Make regular backups, and store them somewhere safe, preferably offline.
  • Wherever possible, store your important files on a network drive. Although they may become encrypted if you get hit with ransomware, ITS can restore them from backup once your PC is cleaned and virus free.
  • Don’t forget that services that automatically synchronize your data changes with other servers, for example in the cloud, don’t count as backup. They may be extremely useful, but they tend to propagate errors rather than to defend against them.

If you believe you are infected with any virus, please contact the ITS help desk at 773.508.4487.
