IT Security Information: malware demands payment of a ransom  [09.03.16]

As you have possibly read in the media, the use of what is known as ransomware, or "crypto trojans", is becoming more widespread. The current examples are known as "Locky" and "Teslacrypt".

This is malware that encrypts specific files on your PC and connected network drives and makes them unusable. The malware programmers then demand payment of a ransom.

This malware is spread above all by attachments to email messages. Often the sender addresses of emails are changed to give the impression that the emails come from your own or a related system. The attachments often appear to have a business context, such as invoices, reminders, contracts or applications.

This malware is also spread is through compromised websites: the harmful software is installed automatically and unnoticed simply by accessing a website in your browser, with well-known vulnerabilities being specifically exploited.

We would recommend you to take the following preventative measures to reduce the risk:

• Regularly back up your data.
• Regularly install the latest signatures of your anti-virus software.
• Install security-related updates as soon as they have been released by the manufacturer.
• Take note of unusual emails and never open any attachments that you do not recognise (e.g. invoices).
• Never implement "batch files" (*.bat; *.cmd) or "executable files" (*.exe; *.com) emailed to you.
• Set up "Microsoft Office" so that macros cannot be performed automatically.

Proceed as follows should you be unlucky enough to be affected by malware such as this: 

• Disconnect your PC from the network (disconnect network cable, disable Wi-Fi).
• Switch off your PC.
• Inform the IT Security Officer.

Please refer any questions to the IT Security: itsec@uni-hohenheim.de 

Back to All news