New Cryptolocker variant discovered targeting Australians

New Cryptolocker variant discovered targeting Australians

Russian cybercriminals switch focus back to local market

The Cryptolocker ransomeware virus has reared its ugly head once again, on Australian shores.

The latest scam, detected by Australian email security firm, MailGuard, takes the form of an email claiming to be from Australia Post.

It alerts the email recipient of a parcel delivered to their residence.

This type of attack was prevalent throughout the country in 2014. Recently, similar attacks have been targeted at users in the US and Europe.

An example of a phishing email
An example of a phishing email

As per standard phishing emails, the recipient is asked to ‘click a link’ within the email that takes the user to a fake website.

A replica of the Australia Post website used in the current spate of phishing emails
A replica of the Australia Post website used in the current spate of phishing emails

One of the techniques used to confirm an email address from a more savvy user is inadvertantly prompting them them to click an ‘unsubscribe’ link contained within the email.

An example URL is This specific domain was only registered on 4 March. Mailguard said that criminals are registering new domains all the time. These new domains have been set up with legitimate SPF records in an effort to pass anti-spam filtering.

The website in this example appears to be an exact replica of the Australia Post website.

By completing the authentication process on the page and clicking download, the user is downloading a zip file which contains an executable file (or .exe).

Enter Cryptolocker

Once executed, the malware infects the user’s workstation and encrypts the user’s files, making them inaccessible. The perpetrator then typically demands a ransom paid in bitcoin to provide the decryption key.

While malware attached to emails can be stopped effectively by email filters, these ransomware scams appear as phishing emails containing ‘links’ to malware instead of sending the malware itself.

MailGuard said it has has seen a number of Cryptolocker viruses targeting Australian businesses. They appear to be testing in small batches and the company anticipates large volumes to be flooding inboxes in the coming days and weeks.

Email users need to be aware of the tell-tale signs of Cryptolocker and other spam containing malware.

The firm advises users not not click links within emails that are not addressed by name or have poor English; are from businesses users were not expecting to hear from; ask to download any files, namely with a .exe file extension; or take the user to a landing page or website that does not have the legitimate URL such as

MailGuard said it has quarantined a large number of these fake Australia Post notifications and is constantly assessing these new variants.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags australia postCryptolockermailguardransomwaremalware is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments