Beware of Ransomware

A current security threat to you is ransomware — malicious software that encrypts your documents and pictures and demands you pay for some sort of secret key before you can recover them.

Ransomware has names such as Reveton, Vabushky, Trojan.Ransomcrypt, FBI Moneypak and Cryptolocker. Cryptolocker, released in September 2013, targets all versions of Windows. Once it has encrypted your files, a payment window will prompt you that you have 72 hours to send a ransom of $100 or $300 to decrypt them. If time expires and you have not paid the ransom, Cryptolocker will delete your encryption key and there will be no way to decrypt your files. Even if you pay, they will be as good as deleted.

Victims at NC State reported they received an email about using state vehicles for travel with a vehicle authorization form attached. Hovering over the links in this spoofed email revealed URLs pointing to a non-ncsu.edu website — suspicious for a message purportedly coming from NC State. Opening the form spawned the ransomware infection on the victims’ computer systems.

To prevent ransomware infection:

  • NEVER open any email attachments you were not expecting or from an untrusted source.
  • Even if it appears to come from a trusted source, don’t click on a link or open an attachment without first making sure that source is legitimate.
  • ALWAYS hover over a link to verify its intended location.
  • NEVER click on suspicious or unrecognized links in emails, including those from NC State.
  • Keep your antivirus, operating system and software patched and up-to-date.
  • Search for and destroy any malware already on your computer.
  • Make backups regularly and store them in a secure location.

If you receive ransom email, please forward it to abuse@ncsu.edu or contact the NC State Help Desk at 515-HELP (4357) or help@ncsu.edu.