SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Warning: Ransomware email campaign on a rampage

Tue, 24th Mar 2015

The Department of Internal Affairs is warning people to beware of a ransomware email campaign that could cripple IT systems.

Toni Demetriou, Internal Affairs electronic messaging compliance unit manager, says the emails purport to offer a person's resume or CV in an attachment but contain ransomware called “Cryptowall 3.0”.

He says they should be deleted immediately.

Cryptowall is a variation of ransomware, and encrypts files on an infected computer including any files accessible on network drives.

The victim can no longer access files on their computer, and is asked to pay around $665NZD, or 0.5 bitcoin, to receive the files.

The victim has only a certain amount of time to make the payment, after which the files can no longer be saved (or ‘decrypted’). Cryptowall has been around for some time and is now up to version 3.0.

“Ransomware is a significant threat to IT systems. It's malicious software that can bring an IT system to its knees and hold a home user or large corporation to ransom.

“Yet, it can be activated by a few simple clicks in an email spam message. Once installed, it locks out the computer user and presents a message that demands payment in order to restore normal functionality to the computer,” Demetriou says.

He says people can protect themselves from such threats by:

- Not opening attachments or clicking on hyperlinks in unsolicited emails
- Ensuring computer systems are up-to-date and running up-to-date antivirus software
- Conducting routine backups of important files, and keeping backups offline (i.e. not connected to the computer or network)
- Educating other users about this threat.

The EMCU received one of the dodgy emails this week.

The message subject line said 'Resume [sender's name]', and contained a zipped file (.zip) attachment titled 'Resume [sender's name].zip'.

The zipped file contained the Trojan to Cryptowall. The body of the message reads: “My name is [person's full name], attached is my resume. I look forward to hearing back from you. Sincerely, [person's first name].”

Demetriou says the email message aims to attract or persuade the recipient into opening the attachment and could have been tailored specifically for Human Resource departments.

The form and content of such emails can change and it is important that recipients remain cautious of any unsolicited email messages, he says.
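For mail administrators, the traits of the message the EMCU received (a 'Resume' subject, a .zip attachment with the same name, and the stock body text) can be checked at the gateway. The following is an added example, not part of the original story or any Internal Affairs tooling; the function names, the quarantine rule and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

SUBJECT_LURE = re.compile(r"^\s*(resume|cv)\b", re.I)
BODY_LURE = re.compile(r"attached\s+is\s+my\s+(resume|cv)", re.I)

def lure_indicators(raw: str) -> list[str]:
    """Return which traits of the reported email appear in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    hits = set()
    if SUBJECT_LURE.match(subject):
        hits.add("subject-resume")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower().endswith(".zip"):
            hits.add("zip-attachment")
            # The reported attachment was named exactly like the subject line.
            if subject and name[:-4].strip().lower() == subject.lower():
                hits.add("attachment-matches-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_LURE.search(body.get_content()):
        hits.add("body-phrase")
    return sorted(hits)

def should_quarantine(raw: str) -> bool:
    # Assumed policy: a resume-style subject plus a zip attachment is held for review.
    return {"subject-resume", "zip-attachment"} <= set(lure_indicators(raw))

# Constructed sample modelled on the description above; the payload is an empty zip archive.
SAMPLE = """\
From: applicant@example.com
To: hr@example.org
Subject: Resume Jane Doe
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

My name is Jane Doe, attached is my resume. I look forward to hearing back from you.
Sincerely, Jane
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Resume Jane Doe.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""
```

Because the form and content of these emails can change, a rule like this complements, rather than replaces, attachment scanning and user caution.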
