On Thursday afternoon, a Boston College faculty member emailed Information Technology (IT), saying that he or she had received multiple emails with an attached .docm document.
The email, received by about six students and staff, contained a virus known as Locky that can encrypt the recipient’s computer and the drives of any computers connected to it, David Escalante, director of computer policy and security, said. In other words, if a student has an external hard drive attached to his or her computer to save documents and the computer gets the virus, the virus will encrypt that hard drive, too.
If someone receives the virus on a computer that is linked to a shared-file server, he said, then all of the computers on the system could lose the shared documents. This is a large concern, as most of the members of the academic departments work on the same file-server.
The IT department reached out to the IT departments of other schools, as it usually does, and found that the virus had been documented at other schools as well.
According to Forbes, over 100,000 computers received the virus on Feb. 17, and the people who created the virus have been asking for $420 to restore the victims’ computers.
Escalante estimated that many thousands of emails with the virus were sent out, but only about half a dozen students received the emails in their inboxes. Many of the security measures—anti-virus and spam control—sent the rest of the thousands of emails to students’ spam folders.
What makes this virus particularly difficult, he said, is that it is not “binary”—usually either all of the emails will get past anti-virus and spam measures or none of them will.
“In this case, none of this is true,” Escalante said. “We know it’s gotten through to some people, but there are other people who are in IT who said we could look at their mailboxes, and they seemed to be the target of messages, but the messages never actually got through [to their inboxes]—so it was blocked.”
The IT department is trying to understand why, in this case, some emails got through to students’ inboxes, while others did not.
One theory IT has, Escalante said, is that the virus is constantly changing. The emails are similar enough that IT can tell they are part of the same virus, but each has slight variations. Because the emails keep changing, it is difficult for IT to analyze the virus and find appropriate means to stop its spread.
BC has not had an email virus like this in several years, Escalante said, and IT is still investigating it.
Although he was not exactly sure why students were receiving the virus, Escalante decided to send out the email as a preventative measure so that students and faculty could hopefully avoid the detrimental effects of the virus.
“We’re not aware of anyone that’s become encrypted, as of Friday morning, to which I would breathe a huge sigh of relief,” he said.
Yesterday afternoon, one of IT’s security vendors launched a troubleshooting session to make some adjustments to their filtering software, Escalante said in an email. These measures, he said, will make it much less likely for any future Locky attacks to get into students’ emails.
Featured Image by Julie Orenstein / Heights Senior Staff