Security Alert: CryptoLocker

The Office of Information Technology has been hard at work combating a relatively new piece of malware that has been infecting Microsoft Windows devices and extorting victims for access to their files.  This malware, CryptoLocker, is an example of a Trojan horse: an infection that gains access to a victim’s computer under an otherwise innocuous pretense. It may be hidden in a link or attachment in a message made to look like an email from a legitimate business, or a UPS/FedEx tracking code.
Once it infects a device, the software attempts to contact a specific IP address (the known IP addresses have been blocked on the SMCM network), and then encrypts the victim’s files, making this data nearly impossible to access without a key.  After the data is encrypted, a notification informs the user that they have three days to pay (usually around $300), effectively holding their files for ransom.  The United States Computer Emergency Readiness Team (US-CERT) advises users not to pay the attacker.  Instead, users should contact the IT Support Center (xHELP), and we will help determine the next course of action.
The above is effectively a ransom note for your files.
To drive the point home, they also set the above image as your wallpaper.
The antivirus installed on college-owned devices, Sophos, is actively updated, and the company has been on top of this malware attack since it began.  Sophos attempts to stop the virus at several steps in this process, and will:
  • block pages that have been flagged as being high risk.
  • attempt to identify and quarantine files on your computer resembling the virus.
  • block traffic to the IP addresses described in the previous paragraph.

No antimalware/antivirus program is infallible; prevention is the best way to combat this, as well as any other, malware.  Please make sure to:

If you believe that your computer has become infected with this malware, or have any questions, please contact the IT Support Center at 240-895-4357 (xHELP).
Image/Information sources and further reading can be found here:
