Malware that encrypts files, solicits payment seen on campus
2:32 p.m., Oct. 2, 2014--Last year, University of Delaware Information Technologies (IT) reported that CryptoLocker, a form of ransomware, had infected computers on campus. Now, UD IT confirms that a newer form of ransomware, CryptoWall, has appeared on campus. So far, at least four UD computers have been attacked by this persistent malware.
But first things first, what’s ransomware? Put simply, ransomware is a form of malicious software that, once downloaded, encrypts all files on the victim’s computer and demands ransom in order to decrypt the files.
Ransomware is often delivered as a Trojan, hiding in seemingly innocent attachments and files; however, it can also be downloaded just by viewing malicious or infected websites.
Ransomware is easy to identify because it confronts the victim with a prompt for payment, but it can be tricky to address. Under no circumstances should the victim pay the ransom. There is no guarantee that files will be decrypted, or that, once decrypted, files will be safe from repeated attack. In many cases, ransomware destroys some of the files it encrypts.
“CryptoWall is much like the CryptoLocker malware we saw last year, but it’s even more pervasive,” says Joe Kempista, director of IT Client Support and Services. “We urge students and employees to follow safe computing practices like backing up files, checking links and attachments, and updating software.”
CryptoWall can afflict both Windows and Mac systems. Dell SecureWorks has released a helpful document detailing CryptoWall’s attack patterns and effects.
CryptoWall is being distributed over the Internet through a number of methods:
- Malicious email attachments;
- Exploited browsers or websites; and
- Download links claiming to point to faxes, invoices, or other documents on file-hosting Web sites such as Dropbox.com and MediaFire.
“You need to take proactive steps to protect your computer from attack,” Kempista said.
Most importantly, UD IT recommends that users back up their files regularly so their work is still accessible if their computer is compromised by ransomware or another kind of attack. In the worst-case scenario, backups may be the only way for people to regain access to their files. Instructions for backing up Windows and Macintosh computers are linked below.
UD IT recommends that members of the UD community also follow these best practices to help prevent ransomware attacks from affecting their computers:
- Update the computer’s McAfee anti-virus software. (The version downloadable for members of the UD community is configured to update automatically.)
- Update the computer’s operating system.
- Update all software on the computer, especially software often targeted by hackers: Microsoft Office, Adobe products, Mozilla Firefox and Thunderbird, Internet Explorer, and Java.
- Be cautious about what email attachments you open.
- Be cautious about what websites you visit.
- Do not download and install unfamiliar software, even if its maker claims it will prevent ransomware. Often, malware distributors trick people into downloading “special anti-virus software,” but the downloaded software is actually the malware itself.
“You should never assume that your computer is just safe,” said Karl Hassler, associate director of IT Systems Security. “You must take proactive steps to protect your computer from CryptoWall and other malware. You are the first line of defense. The security of your computer and the information stored there is your responsibility.”
For more information and assistance, contact departmental or college IT staff or contact the IT Support Center.
Article by Alex Lindstrom
Graphic by Christopher Johnson