The following is a general alert about CryptoLocker

The following is a Queen's University ITServices notification. The following is a general alert about CryptoLocker, a type of malware known as "ransomware."

Description: CryptoLocker is malware that infects a computer when someone clicks a link or opens malicious attachments in a phishing email. These phishing emails often resemble Fed Ex or UPS tracking notices. Once the computer is infected, the malware will encrypt files on the computer and display a message demanding that a ransom be paid to the attackers to decrypt and recover the files. You should never reply to the attacker or pay the ransom. You will be increasing your risk by disclosing your financial details.
A number of incidents involving CryptoLocker have been reported by other universities; however, there have been no reports at Queen's to date.

Recommended Actions: If your system has been infected by CryptoLocker, or any other type of ransomware, do not pay the ransom. Report the incident immediately to the IT Support Centre using the contact information at the end of this message. As soon as possible, disconnect your computer or device from the network to prevent the malware from spreading to other drives or devices. In general, the following actions can be taken to prevent or mitigate the risks of malware infection:
1. Use caution when opening emails and attachments, and when clicking links within emails. Avoid opening unsolicited emails from unknown sources entirely.
2. Ensure your antivirus software is up-to-date, and perform regular scans for malware.
3. Keep your operating system up-to-date, plus any other software, including web browsers and extensions.
4. Make regular backups of important files, and perform routine system backups. Keep your backups offline.
5. Do not click on popup windows if you are unsure of their origin.
If you receive a suspicious looking email, forward it, with all headers and the entire message, to Instructions for expanding headers are found here:
For more information about ransomware, please read this CCIRC bulletin: --------------------------------------------------------------

Posted: 2013 November 25