Security, Cryptolocker, Ransomware, Malware

I opened an attachment that I think it might be malware or ransomware. What can I do?

Cryptolocker / Ransomware scams involve a type of malware that infects computers, restricts users' access to their files, and/or threatens the permanent destruction of their information unless a ransom is paid. Once ransomware launches on your machine, it is nearly impossible to access your files.

For university-owned machines,Please follow the steps in this KB article:Cybersecurity, Emergency Incident, Contacting Security

https://cybersecurity.illinois.edu/cybersecurity/report-a-cybersecurity-incident/

Disconnect all network connections (wireless and wired), but leave the computer turned on.

Contact your local unit helpdesk immediately.

What can you do to avoid this in the future?

Don't click suspicious links or attachments, and avoid using email for file sharing when you can.
Ensure the latest patches are installed for your operating system and software. Machines that aren't up-to-date are vulnerable and are highly targeted.
Install the anti-malware solution CrowdStrike Falcon for real-time mitigation of threats, including ransomware. See Endpoint Security, CrowdStrike, What is CrowdStrike?
Avoid enabling macros in Office documents. If you open a file that asks you to enable macros, embedded code can execute malware on your machine.
See Security, How to identify phishing attempts and similar scams for more tips.
Your files will be safer if back up your files to a cloud storage service that keeps a history or archive of your files. See Cloud, Cloud-based storage solutions for campus

Keywords:	crypto malware cryptovirus locky ransomware Suggest keywords	Doc ID:	62569
Owner:	Security S.	Group:	University of Illinois Technology Services
Created:	2016-04-07 11:15 CDT	Updated:	2023-09-25 15:06 CDT
Sites:	University of Illinois Technology Services
Feedback:	0 0 Comment Suggest a new document Subscribe to changes