Virus Alert

New CryptoLocker Variant Alert

Over the past few days we have noticed an increased circulation of variants of the CryptoLocker Virus, which infect your computer and encrypt all usable files, such as Word documents, Excel, Access and MYOB files, executable files, etc.

This virus will infect the local machine then spread to network drives and encrypt files. The scam involves you paying an amount of money to get a key to unlock the files, with no guarantees.

There is no way to cleanly remove the virus from the machine or decrypt infected files. The only way to restore files would be to restore from a recent backup. The machine would require formatting and reloading from the beginning.

The virus is spread by email, with the malware hidden within the emails.

Recent examples include:

  • an email “Offence report – Penalty Number :xxxxxxx” masquerading as an infringement notice.
  • an email that says a parcel is ready to be picked up from a local Australia Post office.

If you receive such an email, please delete it immediately.

A few tips to help you stay protected:

  • Please ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your Antivirus is up-to-date
  • Be aware of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately. These typically increase over the holiday season
  • Educate users about phishing emails and other social engineering tactics
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules.
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections.
  • Microsoft Essentials, AVG, and other free AV products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region.

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

For further information on the CryptoLocker Virus, please click here.

**UPDATE 1st April 2015**

This second round of fake NSW Office of State Revenue (SDRO) emails is even more legitimate-looking, making it a high risk to recipients.

Below are some screenshots of the email and the website it links to.

[Screenshot: Scam email from SDRO]

[Screenshot: Scam website imitating the SDRO]

Once the user submits the security code to download their penalty or reminder notice, it downloads a malicious file containing the CryptoLocker virus variant.

SDRO has issued a statement on their website clarifying that they do not issue fines by email and they are only ever issued on the spot or by post.

Some key indicators that this email is fake:

  1. The email has not addressed the recipient by name.
  2. The email cites a traffic offence, however there are no car registration details mentioned.
  3. Hovering over the INVOICE and VIEW CAMERA IMAGES buttons, you can see that the link is not directed to a legitimate government website.
  4. The official website address is sdro.nsw.gov.au while you will see the fake one is nsw-gov.org.
  5. If you do visit the official website they have issued a scam alert, stating that the SDRO does not issue penalty notices or penalty reminder notices by email.

Another scam email also containing the same virus is one from Australia Post, similar to the below:

[Screenshot: Scam email imitating Australia Post]

[Screenshot: Fake phone bill, scam email imitating Energy Australia]
