Beware Ransomware

You may have heard on your local news or on Facebook about a new computer security threat. There are now two competing malware programs in circulation that will infect your personal computer, encrypt your files, then demand payment for the "private key" needed to decrypt them.

CryptoLocker and CryptoDefense (which appeared late February 2014) are the two most prevalent versions of "ransomware," programs that literally hold your important files for ransom until you hand over a rather steep payment (typically in Bitcoin).

If you don't pay the ransom by the specified deadline, the fee increases. And, after a specified date, the decryption key is deleted, and your files are likely permanently lost.

Sophos has a great web page explaining how the ransomware works, but the takeaways (for prevention) are:

  • Back up your computer regularly. If you have the files in another location, you won't need to pay someone to free the encrypted versions. Keep at least one copy somewhere the infected computer cannot write to (an external drive that is unplugged when not in use, or a backup service that keeps earlier versions), because a backup drive that is attached at the time of infection gets encrypted along with everything else. Test a restore periodically to make sure the backup is actually usable.
  • Keep an anti-virus program running on your computer, and keep it updated – schedule it to check for updates daily. UChicago has licensed Symantec Endpoint Protection, available from the IT Services Antivirus page. You'll need a valid CNetID and password to get in.
  • Apply your operating system and application patches regularly.
  • If you connect to a network drive, use a shortcut -- do not map the fileshare to a drive letter. CryptoLocker encrypts files on every mapped drive letter it finds, so a mapped departmental share would be hit along with your own files.
  • If you accidentally click on a file that you think might be ransomware, disconnect from the network and/or turn off your Wi-Fi immediately. Encryption takes time, and cutting the connection may stop it before it reaches network shares and limit how many files are affected.
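The first bullet says to test that your backups restore. Here is an added example of what that looks like in practice; it is not from the original page or from Sophos. It archives a folder, records a SHA-256 manifest of every file at backup time, and then does a trial restore into a scratch directory and checks it against that manifest. It assumes a Linux machine with GNU coreutils (sha256sum, sort -z) and tar; the sample files are constructed in a temporary directory, not read from a real home folder.

```sh
#!/bin/sh
# Added example (not from the original page): back up a directory, record a
# SHA-256 manifest of its contents, then prove the archive restores cleanly.
# Assumes GNU coreutils (sha256sum, sort -z) and tar; sample files below are
# constructed in a scratch directory, not taken from a real home directory.
set -eu

# backup_dir SRC DEST: write SRC into a timestamped .tar.gz under DEST plus a
# matching .manifest of file hashes taken at backup time. Prints the archive.
backup_dir() {
    src=$(cd "$1" && pwd)
    mkdir -p "$2"
    dest=$(cd "$2" && pwd)
    name=$(basename "$src")
    parent=$(dirname "$src")
    archive="$dest/$name-$(date +%Y%m%d-%H%M%S).tar.gz"
    # Manifest paths are relative to the parent of SRC, the same way tar stores them.
    (cd "$parent" && find "$name" -type f -print0 | sort -z | xargs -0 sha256sum) \
        > "$archive.manifest"
    tar -czf "$archive" -C "$parent" "$name"
    printf '%s\n' "$archive"
}

# verify_restore ARCHIVE: trial-restore into a scratch directory and check
# every file against the manifest written at backup time. Returns 0 only if
# the archive extracts and every hash matches. The live copy is never
# consulted, so a backup taken before an infection still verifies after the
# originals have been encrypted or deleted.
verify_restore() {
    archive="$1"
    scratch=$(mktemp -d)
    if tar -xzf "$archive" -C "$scratch" 2>/dev/null \
       && (cd "$scratch" && sha256sum -c --quiet "$archive.manifest" >/dev/null 2>&1); then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return "$rc"
}

# Demo with constructed sample data.
work=$(mktemp -d)
mkdir -p "$work/docs/notes"
printf 'thesis draft, chapter 1\n' > "$work/docs/thesis.txt"
printf 'advisor meeting, Monday\n' > "$work/docs/notes/monday.txt"

archive=$(backup_dir "$work/docs" "$work/backups")
verify_restore "$archive" && echo "restore test passed: $archive"

# Simulate ransomware overwriting the live files: the backup still verifies,
# because the manifest was taken while the files were known-good.
printf 'ENCRYPTED\n' > "$work/docs/thesis.txt"
verify_restore "$archive" && echo "backup unaffected by changes to the live copy"

# Simulate a damaged backup (half-written, or itself encrypted): verify fails.
: > "$archive"
verify_restore "$archive" || echo "damaged archive detected, do not rely on it"
rm -rf "$work"
```

Keep the archive and its manifest on media the computer cannot write to once the backup is done; the verification step only tells you the archive is good at the moment you run it, and an archive left on a mapped drive can be encrypted later just like any other file. On macOS, substitute shasum -a 256 for sha256sum and install GNU sort for the -z option.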

Another good site (more technical) on the subject:

If you suspect your computer has been attacked, contact your IT support people immediately. If you work for the College of the University of Chicago, that's us: