Ransomware attacks

In the past few days there has been a significant increase in the number of reported malicious emails which contain attachments infected with Locky ransomware. The malicious emails have a macro enabled Microsoft Office file attached. You can identify this type of file by the exclamation point on the icon, and the file extension will end in “m” (e.g., .docm, .xlsm, .pptm, etc.)

In some cases the malicious email message will appear to have been sent by the recipient; i.e., it looks like you sent this to yourself! In other cases, the message imitates a message from a multi-function printer; i.e., contains a scanned image.

The attachment contains a crypto-variant ransomware named “Locky”. This type of malware encrypts all of the files on your hard drive, as well as the network drives to which you connect, rendering them all useless. The criminals behind this scheme hold the keys to unlock the files ransom, usually charging between $300 – $1500 to retrieve them.

If you receive a message with a macro enabled Microsoft Office file attached, please delete it immediately.

If you have inadvertently opened the attachment, please do the following:

DO NOT power off your computer
Immediately disconnect your computer from the network
Contact the UTS service desk for assistance

Whatever you do, DO NOT pay the ransom!

______________________________________________________________________________

Contact McMaster IT Security for more information about this and other internet threats, and how we are working to keep you safe:

email: c-it-security@mcmaster.ca

Web: http://itsecurity.mcmaster.ca/

Twitter: @McMaster_ITSec

Facebook: McMaster I.T. Security

Telephone: x28299

University Technology Services thanks you for your cooperation and understanding.

If you have any questions or concerns, or experience any problems

later, please contact the UTS Service Desk at

uts@mcmaster.ca or ext. 2-HELP (24357).

Please be aware that there is no option to withdraw your consent to receive these messages.

Republish this Article for Free

Republish this Article

We believe in the free flow of information. This work is licensed under a Creative Commons Attribution-No Derivs 2.5 Canada (CC BY-ND 2.5 CA), so you can republish our articles for free, online or in print.

All republished articles must be attributed in the following way and contain links to both the site and original article: “This article was first published on Daily News. Read the original article.”

In the past few days there has been a significant increase in the number of reported malicious emails which contain attachments infected with Locky ransomware.  The malicious emails have a macro enabled Microsoft Office file attached.  You can identify this type of file by the exclamation point on the icon, and the file extension will end in “m” (e.g., .docm, .xlsm, .pptm, etc.)

<a href="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/it-stuff.png" rel="attachment wp-att-55255"><img class="alignnone size-full wp-image-55255" src="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/it-stuff.png" alt="it stuff" width="728" height="382" /></a>

In some cases the malicious email message will appear to have been sent by the recipient; i.e., it looks like you sent this to yourself!  In other cases, the message imitates a message from a multi-function printer; i.e., contains a scanned image.

The attachment contains a crypto-variant ransomware named “Locky”.  This type of malware encrypts all of the files on your hard drive, as well as the network drives to which you connect, rendering them all useless.  The criminals behind this scheme hold the keys to unlock the files ransom, usually charging between $300 - $1500 to retrieve them.

If you receive a message with a macro enabled Microsoft Office file attached, please delete it immediately.

If you have inadvertently opened the attachment, please do the following:
<ul>
	<li>DO NOT power off your computer</li>
	<li>Immediately disconnect your computer from the network</li>
	<li>Contact the UTS service desk for assistance</li>
</ul>
Whatever you do, DO NOT pay the ransom!

______________________________________________________________________________

&nbsp;

<strong>Contact McMaster IT Security for more information about this and other internet threats, and how we are working to keep you safe:</strong>

email: <a href="mailto:c-it-security@mcmaster.ca">c-it-security@mcmaster.ca</a>

Web: <a href="http://itsecurity.mcmaster.ca/">http://itsecurity.mcmaster.ca/</a>
<p class="alignnone"><a href="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/image002.png" rel="attachment wp-att-55256"><img class="alignnone size-full wp-image-55256" src="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/image002.png" alt="image002" width="21" height="21" /></a> Twitter: <a href="https://twitter.com/McMaster_ITSec">@McMaster_ITSec</a></p>
<p class="alignnone"><a href="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/image001.png" rel="attachment wp-att-55257"><img class="alignnone size-full wp-image-55257" src="http://dailynews.mcmaster.ca/wp-content/uploads/sites/3/2016/07/image001.png" alt="image001" width="21" height="21" /></a> Facebook: <a href="https://www.facebook.com/mcmaster.itsec">McMaster I.T. Security</a></p>
Telephone: x28299

&nbsp;

&nbsp;

University Technology Services thanks you for your cooperation and understanding.

<em>If you have any questions or concerns, or experience any problems</em>

<em>later, please contact the UTS Service Desk at</em>

<a href="mailto:uts@mcmaster.ca"><em>uts@mcmaster.ca</em></a><em> or ext. 2-HELP (24357</em>).

&nbsp;

<em> </em>

<em>Please be aware that there is no option to withdraw your consent to receive these messages.</em>

&nbsp;

&nbsp;

Media Enquiries

Phone: (905) 525-9140 ext. 24073
Email: comms@mcmaster.ca

The Communications and Public Affairs Office is staffed from 8:30 a.m. to 4:30 p.m. Monday to Friday.

The University has a broadcast quality television studio to facilitate live and pre-recorded interviews with media. Learn more about our experts.