Awareness : Security Awareness Tips

Ransomware - What is Your Personal Data Worth?

Imagine you are working on your computer and suddenly you see a message telling you that your personal files have been encrypted and will not be accessible to you unless you pay a fee. This is known as ransomware. It’s a type of malware that restricts access to the infected computer system and demands payment before the restriction is removed. There are two types of ransomware. The type illustrated above is known as encryption ransomware. But not all ransomware encrypts your data. Non-encryption ransomware, for example, can stop a victim from using their web browser until they pay the ransom.

One version of ransomware is called CryptoLocker. It targets several versions of Windows, including Windows XP, Vista, Windows 7 and 8. It searches for images, Word documents, spreadsheets, presentations, videos, databases and numerous other file types. Once personal files have been encrypted, it displays the ransom message with a countdown. One version of CryptoLocker gives the victim 72 hours (3 days) to pay $300 (times and amounts can vary) so that their files can be decrypted.

CryptoLocker is being spread through phishing emails containing malicious attachments. One version of the email mimics tracking notices from legitimate companies such as FedEx and UPS. The attached file looks like a PDF but it is actually an .exe file. The malware can encrypt files on local drives, USB drives, external hard drives and network file shares.

The CryptoLocker hackers have made it hard for law enforcement to track them because they continue to change the servers where CryptoLocker is being hosted. An anti-virus company called Bitdefender Labs found that during one week CryptoLocker servers “hopped” to several countries including Russia, Germany, Kazakhstan and Ukraine. They also found that in one week more than 12,000 computers were infected with CryptoLocker, with most of them being in the United States.

Law enforcement has asked victims not to pay the ransom because payment will encourage the hackers to continue. In addition, some who did pay have reported that they did not receive the decryption key even after paying the ransom. US-CERT and DHS are encouraging those who have fallen victim to ransomware to report the incident to the FBI through the Internet Crime Complaint Center.

Tips:

  • Keep backups of your files.
  • Use an anti-virus and keep it up to date.
  • Keep your operating system and software up to date.
  • Do not click on web links or open attachments in emails that you are not expecting.

If Infected:

  • If a University of Miami computer has been infected, report it to Information Technology.

For home computers, recommended practices are:

  • Disconnect the computer from your network. This will prevent it from continuing to encrypt files.
  • Users can retrieve encrypted files through the following methods:
    • Restore from backup.
    • Perform a system restore.
    • For computer novices, it is recommended to consult with a computer professional.
  • All online passwords should be changed after removing the malware.

For More Information

Posted: November 25, 2013