Security warning: Emails containing Trojan ransomware

What is Trojan ransomware?

Trojan ransomware encrypts data on your hard drive, on externally connected drives such as USB sticks, and on network drives such as NAS filers or Sync&Share folders, if they are available. That means you no longer have access to your data. The perpetrators then demand a ransom in Bitcoin (an electronic currency); otherwise the data is usually lost. If you're lucky, the criminals botched the encryption so that it can be cracked, but don't rely on it. That leaves paying the ransom as the only option, although we strongly recommend against it! Further below, you will find preventive measures that are essential to avoid data loss if your computer is infected. By the way, Trojan ransomware exists for all platforms, even smartphones (Android)!

Propagation paths

An increasing number of emails are currently being circulated with attachments disguised as invoices, faxes or scanned images (of the kind many printers send today). While the attachments are frequently Office documents or ZIP files, links to harmful websites can also trigger the malicious encryption.

Measures

The LRZ virus scanners can already detect some ransomware and reject the emails. Unfortunately, antivirus program developers are by nature a step behind malware programmers. That means you can still find the latest malware in your inbox under certain circumstances. With this in mind, we have outlined several key points for you:

We encourage you to carry out the following prophylactic measures:

Set up general SPAM protection

In addition to scanning emails for viruses, LRZ also looks for signs of spam and flags the emails accordingly.

Emails containing ransomware in the attachment often exhibit spam characteristics. You can utilize this flag as a second wall of protection. Configure your email client to filter out spam. Additional information is available at: www.it.tum.de/it-sicherheit/anleitungen/schutz-vor-unerwuenschten-e-mails/.

Backup

Back up your data on a regular basis. Additional information about the LRZ backup services is available at: www.lrz.de/services/datenhaltung/adsm/.

If you back up your data to an external drive or USB stick, remove the device from the computer after creating the backup; otherwise this data can be encrypted as well.

Deactivate macros

Because malware can also be propagated via Office documents, run Office document macros only if the document is from a trustworthy source. Documents from unknown sources or unsolicited documents should never be considered trustworthy. In the current Office version, the default setting for macros is "deactivated." It's better if you leave it that way.

Work without administrator rights

Never work on your computer with administrator rights. Malware can cause even more harm if you do.

Security updates

Install security updates in a timely manner.

Virus scanner

Make sure you install a virus scanner and that it receives regular updates. LRZ offers the Sophos virus scanner at no cost for all members of TUM.

Stay informed

Learn how to handle phishing emails. In most cases, the measures described there can be used here as well: www.it.tum.de/it-sicherheit/glossar/phishing-mails/

When in doubt, ask

If you are not sure if an email is legitimate or malicious, forward it to TUM IT Support (it-support@tum.de) where it can be analyzed more closely. It's important to know if you are expecting such a document and if you know who the sender is.

In case of an infection

Additional information

Follow the links below for more information: