Cryptolocker (Again!)

There has recently been a number of reports of Cryptolocker infections at the University.

Unfortunately these have not been relegated to being infected locally but have also spread to various shared drives that users have access to. The result can be quite disruptive, as infected files on shared drives mean no-one can access them, not just the user that initially got infected.

Investigation has determined the cause is a fake email that appears to come from AusPost, which advises a parcel could not be delivered and all the details are in the attached PDF. The PDF itself is fake and installs the Cryptolocker ransomware which then encrypts files on any drives the user has access to.

AusPost are aware of these emails but unfortunately due to the nature of how these things operate, they are unable to do anything about them.

We ask that if you do receive an email claiming to be from AusPost regarding a parcel delivery that you do not open any links in the email or any attachments it may have. This advice is the same as provided by AusPost on their website.

“The aim of these scam emails is to collect personal / financial information or to install a malicious virus such as ‘ransomware’ which can ‘take over’ your PC. Prevention is the best approach to any malware. It’s vital that you know the warning signs of a phishing scam.

If you receive this email, please delete it.” (July to October 2014)

If you have any queries or your computer has been infected with Cryptolocker or other form of ransomware, please contact the Service Desk as soon as possible.

This entry was posted in Malware, Phishing and tagged , , . Bookmark the permalink.

Comments are closed.