One of the more dangerous developments in malware over the past year is the growth of ransomware. Ransomware (including Cryptolocker, Cryptowall, Crowti and Reveton) is designed to hold valuable computer files, such as images and documents, hostage by encrypting them. Your files are held for ransom until you pay a fee.
Data that has been encrypted should be considered lost unless it has been backed up to other, offline locations. For many years, IT has advised users to keep important files on networked drives, or at least to store a copy there. Networked drives are backed up nightly, so files on them that are lost due to encryption can generally be recovered. However, files that are not placed on or copied to network drives will most likely be permanently lost.
Be suspicious of emails from unknown senders with Doc, Zip, Exe or other attachments and subjects like “adelphi.edu witness subpoena”, “RE: Billing Problem” or “Invoice”. These may not always be in your Spam folder.
Shut down your computer immediately and call the Help Desk at 516.877.3340.
In February 2016 the Hollywood Presbyterian Medical Center in Los Angeles paid a ransom of $17,000 in order to regain access to encrypted files.
Adelphi faculty, staff and students have also been victims of such attacks. Unfortunately…..
This type of malware may also infect any external USB drive or shared network drive you have access to, and encrypt an entire department’s data files on shared drives and online file storage/sharing services.
Don’t become a victim. Think before you click.
Examples of Ransomware Attacks
Please note: There are thousands of variations, so you may receive threats that don’t look exactly like the ones below. The next three images show what a message might look like in your mailbox. In these examples, Google displays warning messages and the attachments are flagged as malicious. This will not always be the case, or may not happen right away.
If you open a ransomware attachment disguised as a Word document, one of the attackers’ tactics is to show garbled text with a message asking you to enable macros:
Below is an example of a ransom message, but at this point it is already too late to stop the attack and your files are likely lost forever: