For the last few weeks, we have been getting spam emails that contain a .zip attachment. Within the .zip file, there is an .exe application that usually has its icon replaced to represent the type of file it is attempting to spoof. The emails have spoofed @purdue.edu accounts and appear to have some business related subject. Please be aware of attachments from unknown or untrusted sources. Also analyze the contents of the attachment before trying to open anything. Many issues can be avoided if you have file extensions shown or look at the type column of the detailed file explorer view. If the file is a .exe or application file, you should not proceed to run the file unless the email is confirmed to be from a trusted source.
The malware is a Ransomware/Cryptoware type and will target personal files and anything on mapped drives. The malware will encrypt those files and ask the user to pay a fee for the files to be unlocked. We advise you to not proceed any further with paying to unlock your files because you will be passing credit card information to the attackers. Also, it is not a guarantee that they will unlock your files and the malware will still be present on your system.
Since the affected files are encrypted, they are useless. We advise that the system be reimaged and restore any backups taken.
If you receive any of these emails, please forward to firstname.lastname@example.org and then delete it from both your inbox and sent folder.
Posted by ITSP on October 23, 2013, in Secure Purdue News.