Malware threat – please be vigilant!

23 Oct 2013

There is currently a malware threat on campus that could risk a permanent loss of data if not discovered.

The malware is an encryption/extortion engine known as Cryptolocker.

What does it do?

1. It arrives via email in the form of a zip file which appears to be from ‘HMRC’ or a ‘voicemail’ attachment in the main, but there may be others.
2. Once opened, it then encrypted any files which the person in question has write access to, on local disk/P: drive/shared areas.
3. After failed attempts to access these files, a message is finally displayed stating that files have been encrypted, along with a demand for payment to decrypt the files.

How do I know if I’ve been infected with this?

In cases reported so far, it is likely that you would see a message similar to the example below (the example shown is for a Word file):

“The file (filename) cannot be opened because there are problems with the contents. Word cannot start the converter mswrd632”

If you suspect that you have received such an email, you should delete it immediately and then delete it also from your "Deleted items" folder.

Whilst some files may be recoverable from IT Services, backups are only available for up to 28 days previous. Therefore, if files affected in this way are not discovered within this period, the files may be permanently lost.

Can I prevent this from happening?

In most cases, yes.

The malware is coming through as an unexpected email attachment, often from an unusual source (in terms of your day to day working). Vigilance is the key – it the attachment is not opened, then the malware will likely not affect you.

If you suspect that you have received such an email, do not open it and delete it immediately, and then delete it from your ‘Deleted items’ folder. If you have opened one of these attachments report this to the IT Service Desk immediately.