
3 Dec 2013


University of Texas Health Science Center at San Antonio
Office of Information Security
CryptoLocker Ransomware Bulletin

Overview
The Health Science Center is aware of an increasing number of ransomware infections. These
attacks are associated with a malware campaign that surfaced in 2013 and propagating on a
global scale with an active critical risk designation by the United States Computer Emergency
Readiness Team (US-CERT) and active attacks seen against most UT institutions. CryptoLocker is
a new variant of ransomware that restricts access to infected computers along with file server
shares and demands the victim provide a payment to the attackers in order to decrypt and
recover their files. As of this time, the primary means of infection appears to be phishing
emails containing malicious attachments.

Description
CryptoLocker appears to have been spreading through fake emails designed to mimic the look of
legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have
been reports that some victims saw the malware appear following after a previous infection from
one of several botnets frequently leveraged in the cyber-criminal underground. Upon infection,
the user is notified by the malware with instructions for payment (see below).
Systems Affected
Microsoft Windows systems running Windows 8, Windows 7, Vista and XP operating
systems.

Apple Mac systems have not yet been infected; however, Apple users are advised to
take the same precautions prescribed in this bulletin.

Impact
The malware has the ability to find and encrypt files located within shared network
drives, USB drives, external hard drives, network file shares and even some cloud
storage drives.
If one computer on a network becomes infected, mapped network drives could also
become encrypted. CryptoLocker then connects to the attackers’ command and control
server to deposit the asymmetric private encryption key out of the victim’s reach.
Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two
different keys, one for encrypting and one for decrypting messages. It is a more secure form
of encryption because only one party holds the private key, while both sides know the public
key.
While victims are told they have three days to pay the attacker through a third-party
payment method (MoneyPak, Bitcoin), some victims have claimed online that they paid
the attackers and did not receive the promised decryption key. US-CERT and DHS
encourage users and administrators experiencing a ransomware infection to report the
incident to the FBI at the Internet Crime Complaint Center (IC3).
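As an added example that is not part of the bulletin, the Python script below shows one way a defender can flag files on a mapped drive that have been encrypted in place: encrypted content is close to uniformly random and no longer starts with the header its file type should carry. The file names, file contents and the entropy threshold are constructed assumptions for the demonstration.

```python
import math
import os
from collections import Counter

# Added example, not from the bulletin: a defender-side heuristic for spotting
# files on a share overwritten by a CryptoLocker-style encryptor. Ciphertext is
# near-uniform (about 8 bits/byte) and no longer carries its type's header.
# File names and contents below are constructed for the demonstration.

MAGIC = {  # well-known leading bytes of common document types
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}
TEXT_EXTS = {".txt", ".csv", ".log"}  # no signature, but plain text is low entropy
ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed); English text scores around 4 to 5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when content is high-entropy and inconsistent with the name's type."""
    ext = os.path.splitext(name)[1].lower()
    high = shannon_entropy(data) >= ENTROPY_THRESHOLD
    if ext in MAGIC:
        # Compressed formats are high entropy too; the missing header is the tell.
        return high and not data.startswith(MAGIC[ext])
    if ext in TEXT_EXTS:
        return high
    return False  # unknown type: content alone gives no basis for a verdict

def scan(files: dict) -> list:
    """Sorted names of files whose content looks encrypted in place."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d))

RANDOMISH = bytes(range(256)) * 16  # constructed stand-in for ciphertext
SAMPLE_FILES = {  # constructed contents of a small mapped drive
    "memo.txt": b"Please review the attached purchase order before Friday.\n" * 30,
    "photo.jpg": b"\xff\xd8\xff\xe0" + RANDOMISH,  # legitimate, merely compressed
    "report.docx": b"PK\x03\x04" + RANDOMISH,      # legitimate, merely compressed
    "budget.xlsx": RANDOMISH,                      # overwritten: zip header gone
    "notes.txt": RANDOMISH,                        # overwritten: text is now random
}

if __name__ == "__main__":
    print("suspect files:", scan(SAMPLE_FILES))  # ['budget.xlsx', 'notes.txt']
```

Compressed formats such as JPEG and Office documents are also high entropy, which is why the header check is needed to avoid false positives; a real scan would additionally watch the rate at which such files appear across the share.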

Prevention
• Conduct routine backups of important files and store files on a UTHSCSA file server.
• Maintain up-to-date anti-virus software.
• Keep your operating system and software up-to-date with the latest patches.
• Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social
Engineering and Phishing Attacks for more information on social engineering
attacks.
• Use caution when opening email attachments. For more information on safely
handling email attachments, read Recognizing and Avoiding Email Scams (pdf),
and refer to the Security Tip Using Caution with Email Attachments.
• Follow safe practices when browsing the web. For further reading on safe browsing
habits, see Good Security Habits and Safeguarding Your Data.

Mitigation
If your system becomes infected, immediately unplug your system from the network and
contact Information Security at 567-0707.

Again, the only recovery available is a good backup. Once this virus encrypts your files,
there is no way to decrypt them. Your data will be lost unless a backup exists.