IT News

VIRUS UPDATE: Current CryptoLocker Infection Contained, but Threat Lingers

Information Technology has identified the source of the latest CryptoLocker Virus infection, and quarantined and sanitized the affected computers. However, the threat continues, and all University users should remain vigilant.

CryptoLocker can encrypt thousands of files, then infect shared network drives. Its creators demand ransom payments for decryption keys. In some cases, victims have been forced to pay thousands of dollars to recover their data. In others, files were lost forever. The thieves are believed to have made tens of millions of dollars from this scam.

The attacks have been under way since November, with the creators constantly changing their methods to avoid detection. To avoid becoming the next victim:

· Never open ANY attachment from ANY sender you don’t recognize. Malware attempts are sneaky, arriving as what may look like Facebook, LinkedIn, shipping, banking or other business notifications with vaguely named attachments. Please forward any emails containing .zip files and other suspicious attachments to for review, even if the sender appears to be legitimate.

· Always hover over ANY link from ANY unfamiliar email BEFORE clicking on it. Most email applications and online browser-based services allow you to preview a link by moving your cursor over it. If the domain name that appears has no connection to the sender of the email — or appears as an incoherent list of letters and numbers — it’s probably not safe to click.

If you see the image below on your computer or any other WVU computer, IMMEDIATELY:

1. Turn off your computer. (Hold the power button down if the computer will not shut down.)
2. Unplug the Ethernet cable (which looks like a large telephone cable).
3. Contact OIT Help at 3-4444.

Do not be afraid to report the infection. The quicker the machine is turned off, the less damage it can cause.