

Multiple computers at Carleton University infected by ransomware. Criminals demanding 39 bitcoins to decrypt files.

Large ransomware outbreaks seem to be a theme this week with first the San Francisco MTA getting hit by HDDCryptor and now Carleton University in Canada being affected by an unknown ransomware. Starting this morning at 8:51am EST, Carleton's Computing and Communications Services department started tweeting updates about networking and computer issues that were impacting the services at the college.

Network issues are being experienced impacting a number of services including email, Banner, Carleton Central. The team is investigating. — CCS (@Carleton_IT) November 29, 2016

We have detected a threat to our network. Our team is assessing the situation and taking steps to secure the network https://t.co/DxTbU3fyOV — CCS (@Carleton_IT) November 29, 2016

Please refrain from connecting to our network at this time. It is safe to access applications (cuLearn, portal, etc) from off campus. — CCS (@Carleton_IT) November 29, 2016

A more detailed update on the IT department's web site indicates that multiple Windows computers on the university's network were infected by a ransomware infection and that any students or faculty that see ransom messages should contact school officials.

Message from the Carleton University IT Department

Type of Ransomware is unknown but criminals supposedly asking for a 39 bitcoin Ransom

At this time it is now known what ransomware Carleton has been infected with, but I have reached out to their IT department to see if I could help. At the time of this posting, I have not heard back from them.

CBCNews, though, has reported that a graduate student has stated that each infected computer has a message asking for either 2 bitcoins to decrypt the individual computer or 39 bitcoins to decrypt them all.

A graduate student at the university emailed CBC to say the attackers have asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files

- CBCNews

As more information is uncovered I will update this story.