
IT News

CryptoLocker Attacks Seize, Encrypt Computer Data; Victims Asked to Pay Ransom

In the span of three weeks, two West Virginia University departments have fallen victim to an ongoing “ransomware” attack called CryptoLocker that seizes control of computers, holding the data hostage and demanding the user pay a ransom to regain access.

Mark Six, executive director of Information Technology, said Wednesday the operations of both departments were significantly disrupted for several days. Some data had to be recreated from a backup, and some work was permanently lost.

The U.S. Computer Emergency Readiness Team (CERT), a division of the Department of Homeland Security, says CryptoLocker attacks come in the form of a phishing email, a message that appears to be legitimate but is actually trying to steal usernames, passwords and personal information.

CERT says the emails mimic real businesses and typically ask users to download a .zip file. CryptoLocker attacks also have been delivered through phony FedEx and UPS tracking notices.

Bob Meyers, IT security awareness manager, urges computer users to forward any emails containing .zip files to DefendYourData@mail.wvu.edu for review, even if the sender appears legitimate. About 92 percent of all malware attacks are delivered by .zip files.

“Whatever it is, it can wait,” Meyers said, “because you have a 92 percent chance of losing access to all of your data. Those are not good odds.”

CryptoLocker targets computers running the Microsoft Windows 8, Windows 7, Vista, and XP operating systems. It can find and encrypt files located on shared network drives, USB drives, external hard drives and even some cloud storage drives.

If one computer is infected, the entire network can become infected. The thieves block the user’s access by creating a private encryption key. Victims’ files are held hostage by the attackers, who demand users pay hundreds of dollars for a decryption key through a third party such as Bitcoin, which makes the attackers difficult to track down.

IT is hosting its next Cyber-Security Best Practices workshop March 11 from 11 a.m. to noon at the Evansdale Library Computing Center. Register here: http://oit.wvu.edu/training/schedule/. Department heads who want to arrange sessions sooner should contact Bob Meyers at 304-293-8502 or remeyers@mail.wvu.edu.

For the latest on training, threats and more, follow @WVUITServices on Twitter or visit it.wvu.edu.