Story image

Warning: Ransomware email campaign on a rampage

24 Mar 15

The Department of Internal Affairs is warning people to beware of a ransomware email campaign that could cripple IT systems.

Toni Demetriou, Internal Affairs electronic messaging compliance unit manager, says the emails purport to offer a person’s resume or CV in an attachment but contains ransomware called “Cryptowall 3.0”.

He says they should be deleted immediately.

Cryptowall is a variation of ransomware, and encrypts files on an infected computer including any files accessible on network drives.

The victim can no longer access files on their computer, and is asked to pay around $665NZD, or 0.5 bitcoin, to receive the files.

The victim only has a certain amount of time to make the payment before the files will no longer be able to be saved (or ‘decrypted’). Cryptowall has been around for some time and is now up to version 3.0.

“Ransomware is a significant threat to IT systems. It’s malicious software that can bring an IT system to its knees and hold a home user or large corporation to ransom.

“Yet, it can be activated by a few simple clicks in an email spam message. Once installed, it locks out the computer user and presents a message that demands payment in order to restore normal functionality to the computer,” Demetriou says.

He says people can protect themselves from such threats by:
- Not opening attachments or clicking on hyperlinks in unsolicited emails
- Ensuring computer systems are up-to-date and running up-to-date antivirus software
- Conducting routine backups of important files, and keeping backups offline (i.e. not connected to the computer or network)
- Educating other users about this threat.

The EMCU received one of the dodgy emails this week.

The message subject line said 'Resume [senders name]', and contained a zipped file (.zip) attachment titled 'Resume [senders name].zip'.

The zipped file contained the Trojan to Cryptowall. The body of the message reads: “My name is [person’s full name], attached is my resume. I look forward to hearing back from you. Sincerely, [person’s first name]."

Demetriou says the email message aims to attract or persuade the recipient into opening the attachment and could have been tailored specifically for Human Resource departments.

The form and content of such emails can change and it is important that recipients remain cautious to any unsolicited email messages, he says.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.