Students recently received an email from Information Technology Services (ITS) about a new virus called CryptoLocker.
The attack starts as an email sent to an individual. The email contains a link that installs the malware, which falls into the "ransomware" category. Google defines ransomware as "a type of malicious software designed to block access to a computer system until a sum of money is paid."
ITS took the threat seriously and took steps to see if CSU-Pueblo’s system was infected.
“Once the virus is executed it proceeds to encrypt the files on the infected user’s computer and all network shares that the user has access to. The user is then asked to pay a $300 – $500 ransom in order to get the files decrypted,” said Matt Watson, information security officer.
The only way to recover the encrypted files is from a backup system, Watson said.
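Watson's description above, a single infected user rewriting every file on every network share that user can reach, is also the behaviour a file-server administrator can watch for. The script below is an added example written for this article, not code from CSU-Pueblo's ITS department or from Sophos. It assumes a hypothetical share audit log in the form `<ISO timestamp> <user> <WRITE|RENAME|DELETE> <path>`, builds a constructed sample of such lines inline, and flags any user who writes or renames an unusually large number of distinct files inside a short sliding window. Normal users save a handful of documents over an hour; a workstation running CryptoLocker rewrites dozens in seconds.

```python
"""Rate-based detection of ransomware-like mass file modification on a share.

Added example (not part of the original article). Hypothetical audit-log
format: "<ISO timestamp> <user> <WRITE|RENAME|DELETE> <path>", one event
per line. The sample log below is constructed, not captured from a server.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(WRITE|RENAME|DELETE)\s+(.+)$")


def _constructed_log():
    """Build a constructed sample log: one ordinary user and one user whose
    workstation is rewriting a whole share in a few seconds."""
    base = datetime(2013, 10, 15, 9, 0, 0)
    lines = []
    # alice: three ordinary saves spread over an hour
    for i, name in enumerate(["budget.xlsx", "notes.docx", "slides.pptx"]):
        ts = base + timedelta(minutes=20 * i)
        lines.append(f"{ts.isoformat()} alice WRITE /shares/finance/{name}")
    # bob: 30 distinct files rewritten within 15 seconds (ransomware-like burst)
    for i in range(30):
        ts = base + timedelta(minutes=5, seconds=i // 2)
        lines.append(f"{ts.isoformat()} bob WRITE /shares/finance/doc{i:02d}.docx")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text):
    """Parse audit lines into (timestamp, user, action, path) tuples;
    lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, action, path = m.groups()
        events.append((datetime.fromisoformat(ts), user, action, path))
    return events


def peak_distinct_files(events, window_seconds=60):
    """For each user, the largest number of distinct files written or renamed
    inside any sliding window of window_seconds."""
    by_user = defaultdict(list)
    for ts, user, action, path in events:
        if action in ("WRITE", "RENAME"):
            by_user[user].append((ts, path))
    window = timedelta(seconds=window_seconds)
    peaks = {}
    for user, evs in by_user.items():
        evs.sort()  # chronological; tuples sort by timestamp first
        best = 0
        for i, (start_ts, _) in enumerate(evs):
            paths = set()
            for ts, path in evs[i:]:
                if ts - start_ts > window:
                    break
                paths.add(path)
            best = max(best, len(paths))
        peaks[user] = best
    return peaks


def find_mass_modifiers(events, window_seconds=60, threshold=20):
    """Users whose peak distinct-file write rate reaches the threshold.
    The threshold is a tuning knob; 20 files per minute is an illustrative
    starting point, not a value taken from the article."""
    peaks = peak_distinct_files(events, window_seconds)
    return {user: n for user, n in peaks.items() if n >= threshold}


if __name__ == "__main__":
    for user, n in find_mass_modifiers(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT: {user} touched {n} distinct files within 60s")
```

An alert like this is a trigger to disconnect the user's workstation from the shares and to verify that the most recent backup or snapshot predates the burst; it does not recover anything on its own, which is exactly Watson's point that the backup system is the only way back.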
SophosLabs is a security company that develops defenses against the growing number of Internet viruses.
"SophosLabs has received a large number of scrambled documents via the Sophos sample submission system," wrote Paul Ducklin, a researcher at SophosLabs, in a blog post on nakedsecurity.sophos.com. "These have come from people who are keenly hoping that there's a flaw in the CryptoLocker encryption, and that we can help them get their files back. But as far as we can see, there's no backdoor or shortcut: what the public key has scrambled, only the private key can unscramble."
Colorado State University-Pueblo's ITS department took preventive steps to make sure that no trace of CryptoLocker was in the system.
“We have disconnected the campus file servers to perform virus scans on the file directories to verify that the virus has not infected campus servers,” said the email from the ITS department.
Watson said as of Oct. 15, no systems at CSU-Pueblo were infected by CryptoLocker.
"It appears that there is a misunderstanding that CSU-Pueblo got infected with this bug. In short, we didn't," said Watson. "We did, however, assess the threat of CryptoLocker, and determined that the readiness of our backup system was not where we wanted it to be, so we took action."
ITS moved its backup system to a Compellent storage area network (SAN) in order to increase the reliability of the network, Watson said. The SAN takes snapshots of the data stores and retains them so that a snapshot can be easily mounted to recover the data, Watson added.
More information about CryptoLocker can be found at
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/