The Australian Competition and Consumer Commission (ACCC) has issued a warning to small business to be on the lookout for suspicious emails in the face of an increasing influx of ransomware.
The consumer watchdog issued the statement following the release of its Targeting Scams Report that said Australians lost a combined total of $81 832 793 last year to fraud.
The recommendation comes at a time many security firms have released warnings about the recent increase in crypto ransomware attacks.
ACCC deputy chair, Dr Michael Schaper, said the organisation received over 2500 ransomware and malware complaints last year.
“Over $970,000 was reported lost by small businesses and consumers. Several people reported losing over $10,000 to these scams, which can have a devastating effect on a small business,” he said.
“Many small businesses and consumers have reported that their computer has been frozen, with a pop-up alert that claims to be from the Australian Federal Police stating the computer has been locked because they have visited an illegal website or breached various laws.
This form of attack comes from a malware ecosystem that spawned out of the very successful Cryptolocker campaign in 2014. The perpetrators of these attacks were eventually thwarted by authorities when their servers were shut down.
The latest spate of attacks comes from a number of different newer variants of crypto malware known as Cryptowall, Crypto CPB (sometimes referred to as CTB-Locker) and Torrentlocker.
All three of these versions of the ransomware are from the same family of malware as Cryptolocker.
Trend Micro Australia senior threat researcher, Dr. Jon Oliver, has told ARN that Torrentlocker has specifically targeted Australian victims.
“Torrentlocker actors go to special effort to tailor attacks to Australian victims,” he said.
Oliver explained that the recent spate of scam AFP infringement notice emails that were circulating used Torrentlocker to encrypt files on infected machines and demand ransom.
The ACCC’s Dr Schaper added “Scams like this often succeed because they look like messages from a government agency or reliable large corporation. It’s important that small businesses are aware that government agencies will not send these demands and they’re dealing with a scammer.”