Beware: Malicious emails threaten to hold files hostage

UAB users have been hit in the past day with emails containing malicious attachments that could encrypt users' files, enabling attackers to hold the files for ransom.

The recent emails contain unzipped Word document attachments that pretend to be a job applicant's resume or CV. The image below is similar to what users have received:

[Image: cryptolocker]

When the user opens the attachment, a particularly nasty malware called CryptoLocker is released onto the user's computer.

CryptoLocker malware holds the user's machine hostage by encrypting all of the user's files, making them inaccessible without the required passkey.

The attacker offers the victim the passkey for a fee of a few hundred dollars, often paid by entering a prepaid credit card number the victim must purchase.

There is no way to simply remove the malware. The user must either pay the ransom (which does not always work) or, if they keep consistent backups, rebuild the machine and load the backup onto it.

Anyone who receives such an email is urged to report it to AskIT.

Follow these tips to avoid phishing and other scam emails:

  • Don't open attachments from strangers or even friends if you aren't expecting them. The attachment could contain a virus that can infect your computer.
  • Do NOT click links in messages. Type a trusted web address in your browser or Google for the web site if you don't know the address.
  • When there is a link in an email, do the "hover test" and hover your mouse over the link to see where it is actually redirecting you.
  • Never type personal, sensitive information (such as passwords or account numbers) on web sites without verifying the web site's authenticity and security — look for an "https" in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Always report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Last modified on October 28, 2015