This message has been approved for mass email distribution by Max Davis-Johnson, Chief Information Officer and Associate Vice President, in accordance with Boise State Policy 8100.
The Chief Information Officer for the State of Idaho notified Boise State University this afternoon of a “ransomware” malicious software infection currently impacting some State agencies.
Cryptolocker has been called “the nastiest malware ever” and results in a person opening a malicious email attachment, which runs a process that encrypts not only all of the files on a computer’s hard drive, but also files on attached network servers.
Once files have been encrypted, a ransom (often several hundred dollars) must be paid to restore access to the encrypted files by a certain date and time. If the ransom is not paid, the encrypted data is deleted.
Please be vigilant and do not click on email attachments from addresses or individuals that can’t be verified (nearly 100 people at Boise State responded to a malicious phishing email sent earlier this week).
If you have questions or concerns about email attachments you receive, contact the Office of Information Technology Help Desk at 208-426-4357 or email firstname.lastname@example.org, or contact your local college or area net admin.
The notification from the State of Idaho is as follows:
———- Forwarded message ———-
From: Pam Stratton <Pam.Stratton@cio.idaho.gov>
Date: Thu, Oct 31, 2013 at 12:40 PM
Subject: WARNING: Computer Virus Encrypting Agency Files
There are some agencies who have become infected with a ransomware virus called CryptoLocker and we have verified that this email has been sent to numerous other agencies.
The email currently has the subject of: Voice Message from Unknown that has a zip of msg attachment with an executable inside. When the user clicks on the executable it installs malware on their computer that then encrypts ALL devices that are mapped to, and accessible by, the user.
DO NOT CLICK ON EMAIL LINKS OR ATTACHMENTS if you are not sure of who it’s from or have verified that it is a valid attachment. McAfee AV is not catching these at this time.
If you see this on your computer, SHUTDOWN YOUR COMPUTER IMMEDIATELY and contact your IT Helpdesk.
Once infected we are finding the only way to recover is to restore your data.
Doug Ooley, Director
Information Security Services
Boise State University