Skip to content Skip to main navigation Report an accessibility issue

Important Computer Virus Warning

Dear Graduate Students,

James Remington, IT Team Leader in our College, asked us to forward this computer virus warning to you. I am not sure to what extent students have access to some of the suggested solutions (e.g., shared drives), but you need to be aware of the threat anyway. Please take the time to read the message below.


Computer Security: CryptorBit Makes a Debut

The campus has had its first reported case of a CryptorBit infection. Although it’s not a variant of CryptoLocker, it does exactly the same thing – it encrypts all of the files on your hard drive as well as any connected, network drives that you have access to.

First spotted in September 2013, CryptorBit is an infection that is activated by clicking on links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source.

 Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 – $500 or more is not paid. It will display a warning for you i.e. “YOUR PERSONAL FILES ARE ENCYPTED,” following a warning message, i.e. “All files including video, photos and documents, etc. on your computer are encrypted.”

The Warning note on the screen instructs the victim to download the Tor browser and access a hidden website for paying the ransom money. In addition, it may threaten you to pay the ransom within 24 hours. Otherwise, it will damage all of your personal and system files completely. CryptorBit is totally a scam designed by cyber criminals, because even after paying the ransom amount it will NOT decrypt your files. It forces users to pay for the fake private key to decrypt files.

The spam emails may appear to be sent from people you know, so it’s very important for users to be careful while reading such malicious emails and if it doesn’t look right, it’s probably not. The best protection against CryptorBit is a good backup. It is strongly recommended that faculty/staff keep their important files on their personal H:\ drives or departmental shared drives, and not on their desktops or local folders. True, CryptorBit can and will encrypt the data on the H:\ and departmental shared drives but the chances of having a backup of the information is greater.

Even when antivirus programs and other security policies and procedures are in place, it will not prevent a CryptorBit infection. Everyone should be especially careful with emails and web browsing.

How can I protect my files?

The only way to protect your important files is to store them in a location that has regular backups.  That includes network resources like your H:\ drive or your departmental share drive.  CEHHS computers are setup to store your documents folder on your network share, but other folders are not setup in this manner.

Examples of places that would have a high chance of recovery:

Your H:\ Drive.

Your Departmental Share Drive

Your Documents folder (it is redirected to your H:\ Drive)

Your Dropbox Folder. (You can recover dropbox files from their web interface)

Examples of places that would NOT be recoverable:

Your Desktop

Attached USB drives such as thumb drives or external hard drives

Folders and Files on your C:\ Drive

If you are currently storing important information in any of the unsafe locations, please call us to discuss ways to store your information in more secure locations.

Jeff Abrams-Cohen (974-0910)

Steven Lewis (974-2443)

James Remington (974-4476)

If you think you have the CryptorBit infection:

1.       DO NOT CLICK ON IT! Clicking on an infection alert is often the method by which the infection tricks you into activating it.

2.      SHUT DOWN YOUR COMPUTER – in order to prevent further damage to your files, shut down your computer right away. If you don’t see your start menu because it is hidden by the infection, hold down the power button on your computer until it shuts off. Unplugging your Ethernet cable is a good thing to do as well.


Jeff Abrams-Cohen (974-0910)

Steven Lewis (974-2443)

James Remington (974-4476)

Do not attempt to continue working on your computer – the longer you wait, the easier it is for infections to embed.

Finally, we need your help to get this information to Graduate and Undergraduate students within your department.  If you have email lists of students please forward this to them.  I cannot stress how destructive this infection is, and it can be greatly minimized by changing the location of your files.

James A. Remington

IT Team Leader, CEHHS

University of Tennessee, Knoxville