Other colleges and some corporations are reporting incidents of Windows computers infected with a new type of ransomware called variously Cryptlocker, Filecoder, Crolock.A or Trojan:Win32/Crilock.A. You get this ransomware on your Windows computer by opening an email attachment that contains the program. Typically the email accompanying the attachment refers to your complaint, consumer complaint, or customer complaint. The attachment may be labeled or described in the email as containing details of the complaint resolution and/or as having compensation or refund information. Do not open the attachment to avoid getting the infection.

If you try to open an unsafe email attachment the College antivirus/anti-malware software ESET will in some cases block the action. In other cases, ESET will warn you not to open the file. ESET will not give false positives and ESET warnings about unsafe files should not be overridden. ESET should at least alert about and in some cases will block the Cryptolocker types of malware as long as ESET is up to date.

If you have questions about an email and whether it is legitimate or not, about malware or ransomware, about ESET being up to date, or you get this ransomware on your computer, please contact the Amherst College IT Help Desk. Also, if you get this ransomware on your computer as applicable immediately unplug your computer Ethernet cable and/or turn off your wireless or Wi-Fi internet connection. 

For more information…

Ransomware is a form of malware (nuisance or malicious programs of which viruses are one kind) that typically locks a computer up in some way and demands money in return to release the computer. A common form of ransomware going around is known as the "FBI virus" or "FBI ransomware". That ransomware says that you have done something illegal and the FBI wants you to pay a fine to them. This is fraudulent. If your computer has a webcam the ransomware may take your picture with the webcam and insert your picture into the fraudulent FBI warning to make it seem more official and intimidating.

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/ (external link to emsisoft.com, an anti-malware software company's website)

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FCrilock.A&ThreatID=-2147284168 (external link to Microsoft.com)

http://kb.eset.com/esetkb/index?page=content&id=SOLN3433 (external link to eset.com)