Carnegie Mellon University Website Home Page

SECURITY ADVISORY: CryptoLocker Malware Restricts Access to Computer Files

Anyone using Microsoft Windows 7, Vista and XP operating systems.

Malware known as “CryptoLocker" is affecting Windows computers across the Internet and here on campus. Cryptolocker encrypts the infected computer’s documents so that they are no longer usable and then displays a webpage demanding payment to restore them. It can encrypt files located on shared network drives, USBs, external hard drives and even cloud storage drives.

CryptoLocker spreads via phishing email attachments that links to compromised or malicious web sites. The Information Security Office (ISO) reports that in a recent wave of phishing emails targeting campus, two individuals opened the CryptoLocker attachments. Fortunately, their anti-virus software caught it before it was too late.

The ISO recommends that you take the following preventive measures:

  • Avoid clicking on attachments and links in unsolicited email.  For example, CryptoLocker has been found in fake FedEx and UPS tracking notice emails. With the holiday shopping season gearing up, scams like this will increase. Stay alert and verify before you click.
  • Back up your documents to off-line storage regularly.  That way you’ll have a copy that is beyond malware’s reach and can be used to restore your files if needed.
  • Install Symantec Endpoint Protection. Run updates and scan your computer at least once a week.
  • Ensure that your computer's browsers are up-to-date with the latest software patches by running the ISO Patch Check at
  • Keep your operating system up-to-date with the latest security patches by enabling Microsoft auto-update.
  • Be cautious when online shopping and when browsing the web. Visit only trusted sites with a legitimate web address (URL). For example, is a legitimate web address, whereas is not.
  • Avoid clicking on promotional pop-up windows or those informing you of a potential threat to your computer. To close the pop-up, click ALT+F4. Clicking on the pop-up window’s “X” button can trigger a malware download.
  • If you receive a payment demand or otherwise suspect a computer compromise: do not respond and immediately disconnect your computer from the network (wired and wireless) and then contact the ISO at for further instructions.
To read more about CryptoLocker, visit:

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.