Virus Alert | RansomWare - CryptoLocker
OIT has been made aware of a RansomWare Virus called ‘CryptoLocker’, that is currently infecting Windows computers.
What does this virus do?
When this virus infects a system, it immediately encrypts the users data, and the data on any network shared drives that user has access to. Once the data has been encrypted, the virus prompts the user with a red background that requires the user to pay between $100 and $300 dollars to un-encrypt the data. The user has 72 hours from the start of the message to pay before the virus deletes the decryption keys. Once the files are encrypted there are no other alternatives EXCEPT to recover the data from an offline backup. Online backup solutions ( like Carbonite, Mozy, Backblaze, and DropBox, etc...) are affected by the virus, and will copy encrypted files to their repositories.
Will your AntiVirus program protect you?
At this time, Antivirus vendors (such as Symantec) are still working on a solution to successfully detect this virus, and prevent its infection, but they do not have one yet. They also do not have a way to un-encrypt the files once they’ve been encrypted.
What is OIT doing about this?
- OIT has implemented software restrictions for user's AppData folder to stop exe files from executing on all UAF and SW managed computers on the UA domain.
- This will stop systems with the infection from running the executable to encrypt user's files.
- Users will see the alert message below if this policy has stopped something from executing .
- It is IMPORTANT TO NOTE: Computers running Windows that are NOT on the UA Domain remain UNPROTECTED and must create a local security policy manually.
OIT Local Security Policy Instructions (PDF)
What you can do to protect your computer and your data?
- Do NOT open attachments from people you’re not expecting to get attachments from. This includes emails from printers saying they’ve sent you a scanned document, or from shipping companies stating there is a customer support issue.
- If you do not log onto the UA Domain to access your computer, but you would like help putting this mediation in place, please contact the OIT Support Center.
- Take regular backups of your data and store them offline. If you backup your files to an external HDD, do not leave it connected to your computer. Disconnect it after you have backed up your files.
What should I do if I'm infected?
- Immediately turn off your computer
- Do not attempt to move files or circumvent the problem
- Immediately contact the OIT Support Center to place a ticket, and have your computer rebuilt.