Community College of Rhode Island


IT News

November 2013

CryptoLocker

CryptoLocker malware is a malicious infection of your computer that is spreading rapidly: the number of cases nationwide tripled in the month of October. This ransomware has been found in North America, Europe, the Middle East and Asia Pacific. Almost two-thirds of the affected victims, 64 percent, were in the U.S. These threats arrive by email and refine previously known infection tools rather than creating entirely new ones.

When CryptoLocker strikes, all of your personal files are encrypted and you receive a message stating that your files are being held for ransom. You are then asked to send money through a URL link, after which a code will supposedly be delivered that unlocks your files and lets you resume using your computer. Typically this ransomware gets onto your computer when you respond to an anonymous or cleverly disguised email enticing you to take advantage of some wonderful offer or free service. Most of these messages arrive unexpectedly, from strangers or from unknown email accounts. These are the phishing threats that IT has been warning everyone about for many months.

There are different ways to handle the CryptoLocker threat. Since it starts as a spam message carrying TROJ_UPATRE (a downloader that fetches the ransomware itself), its success depends on how you respond to it. IT reminds you that if you receive a message that looks particularly “fishy,” you should forward it to mailadmin@ccri.edu before opening it, clicking on any link or opening any attachment. IT will investigate the message; if it is clean, IT will let you know it was OK and send it back to you. If not, IT will seek out and destroy any further emails arriving from the account that sent the infection.

Other safe computing practices to consider when opening emails and file attachments, in general:
  • Always check who sent the email.
    • The sender's email address is often a dead giveaway of bad intent. If the email is supposedly from a bank, verify with your bank whether the message is legitimate. If it is from a personal contact, confirm that he or she actually sent it. Do not rely on trust alone, because your friend or family member may be a victim as well. These are cleverly disguised attacks on your personal account, your specific information and anything else that can be used for malicious purposes.
  • The content of the message often contains easily discovered hints.
    • Obvious errors you can spot include a message claiming to be from a bank but with misspelled, incorrect or plainly wrong information. If a friend says he or she received something from you and you didn't send anything, be wary: check your recently sent items to test the claim. Remember that email accounts are easily compromised when common sense and care are abandoned, so your friend's account could be the source of an attack as well.
  • Never click unexpected links in email.
    • In general, avoid clicking links in email. Read the actual address behind a link (hover over it, or copy it and inspect it) before visiting it; safer still, type the address of the site you already know into your browser yourself rather than following the link at all. If you do click a link in email, know that CCRI uses Web reputation to check the link. Web reputation is a means of identifying known “bad” sites that infect your computer, or have been known to install malware on your computer, through a simple visit.
  • Use a licensed, paid-for anti-virus program.
    • A licensed, paid-for anti-virus program is the best protection for your computer. CCRI licenses Sophos on campus and has a home use program available through the Service Desk (ext. 1112). Regularly updating your anti-virus software provides an important layer of security against many attacks, so make sure your computer installs those updates as they arrive.
  • Schedule a regular backup of your important data.
    • There is no known tool to decrypt the files encrypted by CryptoLocker, so accurate backups of your files are essential. Whether you use a cloud-based backup service or a commercial backup program, keeping a recent backup of your personal files is ALWAYS a good idea. The backup must be kept on a separate device, such as an external hard drive, a thumb drive or a cloud-based system. A backup stored on the computer itself does not protect you from CryptoLocker, and an external drive that stays plugged in can be encrypted along with everything else, so disconnect it once the backup has finished.

      How often to back up depends on your comfort level. If your files are extremely important to you, a daily backup may be in order. The backup schedule has more to do with the value you place on those files and how badly you need them available after a malware attack like this one.
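The sender, attachment and link checks in the list above can be applied mechanically before anyone clicks. The script below is an added example, not CCRI's code or any vendor's filter: it parses a raw message, flags a Reply-To domain that differs from the From domain, unpacks a zip attachment to look for executables and double extensions (the shape the CryptoLocker downloader typically arrived in), and flags links whose visible text names one site while the href points somewhere else. The sample message, its domains and the risky-extension list are constructed for the example.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types that have no business arriving as a routine attachment
# (assumed list for this example; tune it to your own environment).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname: fine for example.com, too crude for co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def attachment_findings(filename, data):
    """Flag executable types, including ones hidden by a double extension or inside a zip
    (one level only; nested archives are not opened)."""
    out, names = [], [filename]
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names += [f"{filename}/{n}" for n in z.namelist()]
        except zipfile.BadZipFile:
            out.append(("risky-attachment", filename + " (unreadable zip)"))
    for name in names:
        base = os.path.basename(name).lower()
        if os.path.splitext(base)[1] in RISKY_EXTENSIONS:
            note = " (double extension)" if base.count(".") > 1 else ""
            out.append(("risky-attachment", name + note))
    return out


def link_findings(html):
    """Flag links whose visible text names a domain that differs from the real target."""
    parser = LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in text_host and registered_domain(text_host) != registered_domain(href_host):
            out.append(("link-mismatch", f"text shows {text_host}, link goes to {href_host}"))
    return out


def check_message(raw):
    """Run the header, attachment and link checks over one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domains = {a.domain.lower() for a in msg["From"].addresses}
    if msg["Reply-To"] is not None:  # replies silently routed to another domain
        for a in msg["Reply-To"].addresses:
            if a.domain.lower() not in from_domains:
                findings.append(("reply-to-mismatch", f"From {sorted(from_domains)}, replies to {a.domain}"))
    for part in msg.iter_attachments():
        if part.get_filename():
            findings += attachment_findings(part.get_filename(), part.get_payload(decode=True) or b"")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += link_findings(body.get_content())
    return findings


def build_sample():
    """Constructed lure shaped like a CryptoLocker spam run (invented data, not a real capture)."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as z:
        z.writestr("Invoice_2013-11.pdf.exe", b"not really a program")
    m = EmailMessage()
    m["From"] = "Example Bank Alerts <alerts@example-bank.com>"
    m["Reply-To"] = "support@mail-verify.example.net"
    m["To"] = "recipient@example.edu"
    m["Subject"] = "Action required: overdue invoice"
    m.set_content("Please open the attached invoice.")
    m.add_alternative('<p>Review your account at <a href="http://login.example-bad.net/acct">'
                      "https://www.example-bank.com/login</a></p>", subtype="html")
    m.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="Invoice.zip")
    return m.as_bytes()


if __name__ == "__main__":
    for code, detail in check_message(build_sample()):
        print(f"{code}: {detail}")
```

Run against the sample it reports the mismatched Reply-To, the executable hidden behind a `.pdf.exe` name inside the zip, and the link whose text and target disagree; a plain-text message with no attachments produces no findings. The domain comparison is deliberately simple and would need a public-suffix list before use on real mail.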

CCRI does an excellent job of protecting computers and files on campus. While the college does not have strict attachment-blocking policies, in the event of a major malware outbreak these would be considered to ensure that the problem is contained. This would obviously be an extreme measure, but one that would help return college operations to normal.

Another approach that could be of use in an extreme case would be application whitelisting (a list of approved software applications) combined with the security features built into the operating system on individual computers. This would complement CCRI's overall security strategy. The current CCRI email reputation service blocks spam carrying malicious attachments to the point that 98 percent of all incoming email is blocked as spam.

Everyone today must rely on good anti-malware software, education and awareness, and regular anti-virus updates to defend against CryptoLocker and similar threats. Cybercriminals are getting increasingly effective, so computer systems must be hardened accordingly. A holistic, defense-in-depth approach covering the multiple facets of an attack reduces the rate of infection and helps break the malware chain.

Spear phishing

Phishing hooks more than its share of people, and CCRI is no exception: in the last six months, 30 individual accounts have been compromised. A new tool called Microphisher represents a further evolution of the threat. It gathers the digital breadcrumbs users leave through social networks, mailing lists, online forums and beyond (the trail of visits you make from site to site across the Internet). Cybercriminals are excellent at data mining and can find patterns in how someone uses the Internet in order to craft a more enticing attack tailored to that individual.

Microphisher builds a database of social network status updates and uses it to build user profiles. Those profiles capture the most commonly used words, the people most frequently interacting on those networks, hashtags and geolocation information. The tool uses that information to rank how closely phony content matches the legitimate content produced on the sites visited. Any kind of file is a resource: pictures, geolocations, movies, messages to friends and so on. All of these reflect the online persona of the individual using the sites and indicate what that individual is most likely to fall for.

The tool's goal is simply to produce content that looks as if it came from the social media site. It uses the sites' official APIs to obtain data, although it may be subject to restrictions imposed by some social networks.

At the recent Security Awareness Day at CCRI, several such collection agents were demonstrated, in a social media context and otherwise. Being aware of, and educating yourself about, the various ways data about you is collected is a powerful weapon for protecting your privacy, your personal information and your computing environment.

BYOD

The “bring your own device” (BYOD) phenomenon is in full bloom here at CCRI. Take a walk up to the sixth floor at the Knight Campus any day and you can see it in action: thumbs blazing away on text message after text message, people keeping in touch and staying always online. Sit in any of the cafeterias across the college and students are absorbed in these easy-to-use, minimal-learning-curve devices. Whether iOS or Android, the smartphone explosion is as prevalent at CCRI as at any other higher education institution in the nation.

IT knows that it needs to be actively engaged in establishing a BYOD management program and policies. Personal devices are a tricky arena, and the manner in which we help faculty members and staff manage these devices is extremely important for the protection of the institution and of the individuals using them.

On-premises and cloud-based BYOD management tools are available and gaining in maturity, but the majority of IT teams are still playing catch-up with in-house BYOD policies. It is estimated that about 60 percent of workers today access company data on their smartphones and tablets, but only about a third of businesses have implemented any management tools and processes for those devices.

One approach to BYOD management involves cloud services with the majority of the mobility management vendors having a mix of cloud and on-premises offerings to cope with the different demands. The individual tools employed must meet the cultural and technical needs of the institution and its BYOD consumers. This is not a simple decision with mandated policies but instead a comprehensive plan designed to inform, protect and enable the individual to have choices.

Any BYOD policy has to have input from across the college. BYOD management includes not only IT, but also users, decision-makers and the human resources and legal departments. This strategic decision affects many and so must involve many in the planning and implementation of the policies and processes surrounding BYOD.

Policies must be clear, and compliance mandatory with respect to college-related data. Obviously any policy must be legal, and the rules must be clear to all employees about joining, leaving or altering their participation in a BYOD program, and about their device being locked if it is lost, stolen or compromised.

Mobile devices contain everything from Global Positioning System (GPS) receivers to cameras and audio recorders, and any device management program should cover the use of these features as well. Though data loss is a primary concern, the loss of intellectual property is equally disconcerting.

Another risk of using mobile devices is access to insecure Wi-Fi networks and the limitations of those networks' security measures. Some networks might be declared off limits, based on security alerts. Encryption and access control are musts on any device where college-related data resides.

Loss, theft and exit policies, along with the technical issues, raise the security stakes, so a delicate balance must be struck that protects users' personal information while maintaining the college's reputation.

The impact of mobile devices at CCRI is still being felt and BYOD clearly has a place in our culture. While these tools provide unimaginable possibilities and their growth becomes astronomical in our society, their capabilities bring new risks and it is imperative that CCRI become proactive in the management of these devices, whether college-owned or personal. If one believes that the college has a responsibility to protect the privacy of its constituents and at the same time provide an open and information-available environment for students, faculty members and staff, then necessary caution must be taken in protecting the devices and networks on which the people we support work.


This page developed and maintained by the Chief Information Officer.


Last Updated: 11/7/14