What to do:

  1. Ensure that all essential data is backed up to multiple devices (this malware “can” spread to other drives including network drives) therefore external storage should be considered and backed up frequently.
  2. Ensure that you have the spam filtering rules applied to your email account to prevent phishing and other bogus email from being delivered to your Inbox. For instructions see the following (PDF)
  3. Validate that your machine has current virus protection installed.
  4. If you do receive a suspicious email please enlist technical assistance before taking any action (including clicking on links, or replying).
  5. If you suspect that it is possible that you have come in contact with a bogus phishing scam or virus change your password to something totally different from your previous password. DO NOT RECYCLE PASSWORDS from your University account on other systems such as Facebook.
  6. Several security risks are also associated with old versions of Java, and Adobe products. Please ensure that you are running the latest version of both by going directly to the company web sites for updates.
  7. If you come in contact with this virus and you see the following screens, first disconnect the network cable or turn off the wireless antenna immediately, and remove any external devices. Then contact your departments technical support person immediately.


What the messages may look like once the machine is infected:

Ransomware instructions.  What messages look like.


Samples of the different type of payment methods requested, these also include “Green Dot” credit cards.

Ransomware Instructions. Samples of payment methods

Final message may look like this:

Ransomware Instructions. Final Message.