Malicious software (malware) comes in the form of viruses, Trojans, bots, etc. There is a newer category called “ransomware” that may prevent access to a computer, or the data on it, unless the victim pays the malware creator money. The Cryptolocker virus is one such ransomware that has recently surfaced; it encrypts the victim’s files, making them inaccessible. If you fall victim to this virus, there is no way to unlock the files and you will need to rely on your backups. UT Arlington’s email system as well as computers that run System Center EndPoint Protection or McAfee software are protected from this malware.

Cryptolocker is typically sent via a phishing email.

What does it do?

Once a computer is infected with Cryptolocker, the user’s documents are encrypted with a secret key that effectively keeps the user from accessing their files. It can also spread to your networked drives or attached flash drives. Cryptolocker then demands approximately $300 within a limited amount of time in order to provide a key to decrypt your files. If you don’t pay up, the attackers delete the key, and your files will be unrecoverable.

What can you do?

The following preventative measures are recommended to protect your computer from a CryptoLocker infection:

  • As with all email – do not open suspicious e-mails or unexpected attachments.
  • With the holiday season approaching, be wary of unexpected messages that appear to be from UPS, FEDEX, US Postal Service or other such mail/package delivery services and that include attachments or links – it is safer to go directly to the service websites and enter any tracking numbers than to click included links.
  • As the calendar year comes to a close, be wary of any unexpected emails that include attachments or links relating to tax returns.
  • Be wary of any payroll deposit notifications that include unexpected attachments.
  • If an email message appears unusual, verify the identity of the sender of any attachments, whether through an informal consistency check of the e-mail address and content of the e-mail or formal communication with the sender.
  • Perform regular backups of all systems to limit the impact of data and/or system loss – UTA computers can use share drives for the backups (as appropriate) or contact OIT for CrashPlan.
  • Make sure your computer has updated anti-virus software and enable automatic updates for malware signatures and software. Systems managed by OIT or that are part of the UTA Active Directory should have the antivirus software.
  • Antivirus software for university-owned computers is available on OIT’s download site.
  • Make sure all software on your computer is updated/patched by using automatic updates.
  • Practice safe computing. Never open an attachment from someone you don’t recognize.
  • Keep your antivirus up to date and scan regularly.
  • Back up your data regularly and store it in a separate location. If you use an external hard drive, disconnect it from your computer when not in use.

Note that the tips above apply to your home computers with the exception that you will need to acquire your own antivirus software. Free antivirus software is available for personal use (not to be installed on UT Arlington computers) on the BlazeWare site.

What do I do if infected?

  • Turn off your computer immediately. If you get infected, the virus will move faster than you can.
  • Get help from your tech support.

You can find more information about this at the following:

http://www.thebatt.com/news/virtual-files-held-for-ransom-1.3102768#

References: http://answers.uchicago.edu/page.php?id=34505

As always, the Information Security Office is monitoring the situation and can be reached at security@uta.edu.