Information Services wants to make you aware of a type of malware that infects via phishing and has gained popularity this year. Originally introduced in late 2013, this type of malware is called ransomware, and it is a dangerous piece of code that can lock you out of your critical files, photos, videos, and other important data on your work and home computers. Our goal with this CaTT Tales is to help educate you and prevent a loss of your data.
Ransomware is a type of malicious software that is designed to block access to your files. It does this by encrypting all of the files on your computer with the strongest industry encryption, and then demands that you pay money to decrypt them. The fees to decrypt your files range from $200 to $500 per infection.
Ransomware’s increase in popularity is due to the effectiveness of the exploit and the ease with which it can propagate to unsuspecting victims. The market has seen a huge exploit rate, and large amounts of money have been stolen since the original and most impactful ransomware, called CryptoLocker, was released in September 2013. Different variations have been developed since the first release; some of the more common ransomware applications are CryptoLocker, CryptoWall, Locky and TeslaCrypt. Each has a different methodology, but all are malicious in nature and are expected to grow greatly in the future. KnowBe4, a prominent security blog, states: “Ransomware is a very successful criminal business model. As an illustration, CryptoWall has generated over 320 million dollars in revenues.”
There is no simple, cost-effective, or truly comprehensive method to recover your files. This is for a few reasons, but mainly because the malware will more than likely still be present on the PC even after you pay the fee, and the problem can and will show up in the future demanding additional money. The best defense to prevent your machine from being infected is to stay educated and always be aware of the behavior these phishers use to get your information and/or gain access to your PC.
Phishing behavior involves making illegitimate emails or requests look like they are normal or are coming from legitimate sources. A recent attack at another education institution used an email that looked legitimate and had the title 'past due invoice.' It carried a Word attachment containing a macro; once users opened the attachment and enabled macros, the malware was downloaded to their PC and their machine was infected. This example of phishing ultimately infected that institution's users’ machines with the Locky ransomware, which was embedded in the Word document’s macro.
Protect Your Work Computer
We advise that you start backing up important work files to the share drive. For the District offices, we back up copies of all files on the F: drive to another form of media using the backup software process. We are also protected by the latest anti-virus definitions, which are installed on each PC. For your campus procedures and technologies, contact your local ACT team. The most important thing you can do is alert Information Services or your Academic Computing Technology team if a link in an email looks suspicious or if you receive any unusual request for information outside of normal communications channels. Trust your instincts, and if you are ever in doubt, please call the technology staff for assistance or to ask a question.
Protect Your Home Computer
For your home computer, we recommend keeping your computer up-to-date with patches and anti-virus, and backing up your documents to another form of media like an external USB drive. Make sure, after you have backed up your files, that you unplug the USB drive. If you don’t, and your PC gets infected, the malware will infect your backup files on the USB drive and you won’t be able to recover easily.
District Information Services wants to ensure you are protected and is here to assist. Please do not ever hesitate to call us with any questions, concerns or feedback on improvement.
Phone – 714-808-4849
Email - firstname.lastname@example.org
- Malware is a term defined by TechTerms as “Short for ‘malicious software,’ malware refers to software programs designed to damage or do other unwanted actions on a computer system.”
- Phishing is a scamming technique used by unscrupulous, tech-savvy persons whose mission is to trick individuals into giving up sensitive information; specifically, they use spam, malicious web sites, legitimate-looking email messages and instant messages to run their elaborate scheme.
KnowBe4 has published a more in-depth analysis of the history and evolution of ransomware.
The SANS Internet Storm Center has a technical write-up regarding steps to prevent your computer from infection.
This is an article about the new wave of phishing attacks targeting the securitization of documents: if you use DocuSign or Secure Adobe products for work or personal use, this is an important article to help you understand the risk.
For additional information on ransomware, visit the Microsoft Security Portal.