IT Security Advisory – CryptoLocker Ransomware

Type: CryptoLocker Ransomware
Description: CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected.
What the University is Doing: The UMass Lowell Spamcatcher appliance and Intrusion Prevention System are detecting and blocking most malicious emails and links to download ransomware.
Recommended Action: Do not click on any links or open any attachments contained in a message that you did not expect to receive. Doing so puts your computer, you and the university at risk of infection or data loss. IT recommends that all users delete any suspicious emails immediately.
What to do if your computer is infected: Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from encrypting any more files on the network.
Contact the UMass Lowell Help Center at 978-934-HELP for further assistance.
Questions: If you have any questions or concerns please call the Help Desk at 978-934-HELP or contact your department’s IT Administrator.

UMass Lowell Urges Vigilance in Wake of Adobe Security Breach

WHEN

October 7, 2013

WHAT

Adobe recently confirmed that nearly three million customers had their private information stolen during a “sophisticated” cyber attack on its network. The attackers accessed Adobe customer IDs, encrypted passwords, as well as customer names, encrypted credit or debit card numbers, and other information related to customer orders. In a separate incident, Adobe is also investigating illegal access to the source code for some of its popular products, including Adobe Acrobat and ColdFusion.

In response to the first attack, Adobe is currently notifying affected users of the steps they need to take to protect their personal information, including immediately resetting their Adobe password and monitoring their credit report. Adobe users can expect email notifications with more information on how to reset their passwords (if their login data was involved) and/or notification letters with details on how to protect themselves against identity theft (if their credit or debit card information was involved).

Note: Adobe software currently in use will continue to work.

WHO

General public, students, faculty, staff, IT professionals, Adobe users

NEXT STEPS

We recommend that Adobe users follow the instructions provided in the Adobe notifications. As a precaution, we also recommend that members of the University community:

• Beware of phishing scams providing ‘alternatives’ for resetting their Adobe passwords. If you have an Adobe ID account, please change your password only through the Adobe Web site. Do not enter your information on any third-party site.

• Only download Adobe software from trusted sources, such as the Adobe Web site or the campus IT Web site.

• Keep their Adobe software up-to-date and apply all available updates as soon as they are released.

RELATED CONTENT

Customer Security Announcement

http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html