The Cryptolocker ransomeware virus has reared its ugly head once again, on Australian shores.
The latest scam, detected by Australian email security firm, MailGuard, takes the form of an email claiming to be from Australia Post.
It alerts the email recipient of a parcel delivered to their residence.
This type of attack was prevalent throughout the country in 2014. Recently, similar attacks have been targeted at users in the US and Europe.
As per standard phishing emails, the recipient is asked to ‘click a link’ within the email that takes the user to a fake website.
One of the techniques used to confirm an email address from a more savvy user is inadvertantly prompting them them to click an ‘unsubscribe’ link contained within the email.
An example URL is ustr-post.org. This specific domain was only registered on 4 March. Mailguard said that criminals are registering new domains all the time. These new domains have been set up with legitimate SPF records in an effort to pass anti-spam filtering.
The website in this example appears to be an exact replica of the Australia Post website.
By completing the authentication process on the page and clicking download, the user is downloading a zip file which contains an executable file (or .exe).
Once executed, the malware infects the user’s workstation and encrypts the user’s files, making them inaccessible. The perpetrator then typically demands a ransom paid in bitcoin to provide the decryption key.
While malware attached to emails can be stopped effectively by email filters, these ransomware scams appear as phishing emails containing ‘links’ to malware instead of sending the malware itself.
MailGuard said it has has seen a number of Cryptolocker viruses targeting Australian businesses. They appear to be testing in small batches and the company anticipates large volumes to be flooding inboxes in the coming days and weeks.
Email users need to be aware of the tell-tale signs of Cryptolocker and other spam containing malware.
The firm advises users not not click links within emails that are not addressed by name or have poor English; are from businesses users were not expecting to hear from; ask to download any files, namely with a .exe file extension; or take the user to a landing page or website that does not have the legitimate URL such as auspost.com.au.
MailGuard said it has quarantined a large number of these fake Australia Post notifications and is constantly assessing these new variants.