Beware Ransomware Scam

A ransomware scam was delivered to University of Illinois email accounts the week of April 4, 2016. If you receive a message with an attachment from someone you do not know, do NOT open the attachment. 

If you have already opened a suspicious file sent to you via email attachment, please contact the Technology Services Help Desk (217-244-7000) ( or contact your local IT professional.


Ransomware Details

Here is a screenshot of one of the versions of the email that has been reported to Technology Services:


This particular ransomware scam relies on a virus called Locky. Locky is a virus that encrypts files and then holds them for ransom until you pay to have them decrypted. Locky can encrypt files on your local hard drive, network shares, and cloud storage.

Locky typically arrives via a malicious email attachment (Word, Excel). In that attachment will be code that executes the encryption part of the virus. This code will encrypt files and make them inaccessible to you. Technology Services has received reports of this virus across campus today.


What is Campus Doing?

Technology Services and department IT staff are working to put protections in place to block these malicious emails from being delivered. However, even with these protections in place some copies of the email may be delivered. This means that individuals will need to make sure that they can spot these messages, and when they do spot them, that they delete the messages without opening the attachments. 


Further details

There are several variants of this scam email that are attempting to reach University of Illinois inboxes. Some of the subject lines that Technology Services has observed are:

  • “Remittance Details (USD 2103.13) –”
  • “Your Latest Documents from Angel Springs Ltd [STA054C]” 

Some of the attachments include these file names:

  • “Remittance Details (USD 2103.13)_700.doc”
  • “G-A0288010040780590521.docm”
  • “G-A0288010040780590521.pdf”

More information on the ransomware can be found in the Technology Services KnowledgeBase:

Microsoft has also provided information that can help mitigate the Locky malware: