ITS Security Advisory - CryptoWall Ransomware

Summary

Over the past month, the University has suffered several ransomware infections with varying degrees of impact. A specific piece of malware called CryptoWall has been making its way into computer systems and connected shared drives across campus. When this virus infects a system, it immediately encrypts the user's data and the data on any network shared drives that user has access to. Once the data has been encrypted, the virus prompts the user with a message demanding that a ransom be paid.

The current targets of the malicious emails seem to be email accounts that accept general enquiries, CVs/resumes, etc. from the public. This places areas that deal directly with public enquiries at the greatest risk.

New variants of this malware are appearing on a regular basis and detection signatures released by anti-virus and anti-spam filter vendors are not timely enough to stop the initial infection.

ITS are looking into implementing software restrictions on the UDS domain to stop specific executable files from running. This should hopefully stop infected systems from running the executable that encrypts users' files.

What you can do to protect your computer

* Do NOT open attachments from people you're not expecting to get attachments from. This includes emails from printers saying they've sent you a scanned document, from shipping companies stating there is a customer support issue, or unexpected CVs/resumes.
* Take regular backups of your personal data and store them offline. If you back up your files to an external hard disk drive, do not leave it connected to your computer. Disconnect it after you have backed up your files.

What you can do if you're infected

* Turn off your computer immediately.
* Contact the Service Desk on x54321 - option 1 - option 9.
* The Service Desk will arrange for your computer and any associated user profiles to be cleaned, as well as restoration of any encrypted files that reside on ITS network shares.