Protect against CryptoLocker & other malware

There has been a recent resurgence of a type of malicious ransomware software known as "CryptoLocker." The CryptoLocker family of malicious software arrives as an email message that is intended to look like legitimate email from a known sender. The message includes a .zip attachment containing a Windows program disguised as a PDF that, when opened, will encrypt files on the victim's hard drive as well as any mapped network drives where the victim's account has write permissions. The victim is then prompted to send an electronic ransom payment to the attacker in order to get a decryption key.

Some basic good security practices can help defend you against attack:
  • Exercise caution with unexpected email attachments and their contents, and be aware that they can be disguised as other types of files.
  • Remember that sender information on an email message can be falsified.
  • Maintain up-to-date backups. A good backup is critically important if you've already been affected.
Windows users can further protect themselves against CryptoLocker and other types of malicious software by:
  • Using an unprivileged (non-Admin) account for routine computing.
  • Implementing a Software Restriction Policy to confine program execution to specified hard drive locations, rather than allowing program execution from arbitrary locations such as mail folders.

    Note: IMSS Managed Computing systems use both of these measures to help protect against infection.
More information about Cryptolocker ransomware can be found at http://en.wikipedia.org/wiki/CryptoLocker. For further assistance or advice, please feel free to contact the Help Desk (x3500, https://help.caltech.edu.)