Increased “ransomware” emails

July 6, 2016

In the past few days, many people in the McMaster community have reported malicious emails which contain attachments infected with Locky ransomware. The malicious emails have a macro enabled Microsoft Office file attached. You can identify this type of file by the exclamation point on the icon, and the file extension will end in “m” (e.g., .docm, .xlsm, .pptm, etc.)

In some cases the malicious email message will appear to have been sent by the recipient; i.e., it looks like you sent this to yourself! In other cases, the message imitates a message from a multi-function printer; i.e., contains a scanned image.

The attachment contains a crypto-variant ransomware named “Locky”. This type of malware encrypts all of the files on your hard drive, as well as the network drives to which you connect, rendering them all useless. The criminals behind this scheme hold the keys to unlock the files ransom, usually charging between $300 – $1500 to retrieve them.

If you receive a message with a macro enabled Microsoft Office file attached, please delete it immediately.

If you have inadvertently opened the attachment, please do the following:

  • DO NOT power off your computer
  • Immediately disconnect your computer from the network
  • Contact the UTS service desk for assistance

Whatever you do, DO NOT pay the ransom!

______________________________________________________________________________

 

Contact McMaster IT Security for more information about this and other internet threats, and how we are working to keep you safe:

email: c-it-security@mcmaster.ca

Web: http://itsecurity.mcmaster.ca/

Twitter: @McMaster_ITSec (https://twitter.com/McMaster_ITSec)

Facebook: https://www.facebook.com/mcmaster.itsec

Telephone: x28299