Recent Ransomware Infections (10/29/2013)
From Penn's Office of Information Security, October 29, 2013:
"ISC Information Security has confirmed at least one case of 'ransomware' infection at Penn, and recently has heard from a number of peer institutions about an increase in these types of infection. This form of malware encrypts files on the infected computer and won't decrypt them until the end user pays money to the attacker. In particular, CryptoLocker, first detected in September 2013, has been seen at a number of educational institutions in the Philadelphia region over the last few weeks.
Computers running Microsoft Windows operating systems are vulnerable to CryptoLocker. Once installed on a computer, CryptoLocker encrypts certain files and prompts the end user to send a ransom of either $100 or $300 within 96 hours in order to decrypt their data. If the end user fails to pay the ransom, Cyptoblocker deletes the encryption key, effectively destroying the data. The ransom must be paid using MoneyPak vouchers or Bitcoins. Once payment is sent and verified, the program does in fact decrypt the files.
The current version of CryptoLocker is typically spread through fraudulent emails that appear to be customer support-related communications from Fedex, UPS, DHS, etc. Attached to these emails is a zip archive that contains the CryptoLocker malware. It is disguised as a PDF file to trick recipients into opening the attachment and starting the installation.
The most important protection against this type of attack is an effective backup or snapshot of the computer's data. Antivirus software and network-based security devices (such as a next generation firewall or antimalware devices) may be effective as well, but the malware is mutating quickly and signatures may not be up to date.
Please take this opportunity to ensure that you and/or your organization have current backups of your data. Do not open any unsolicited attachments.
If you have any questions or concerns about CryptoLocker or ransomware, please contact email@example.com.
For more information on CryptoLocker please see: