Australia specifically targeted by Cryptolocker: Symantec

Australia specifically targeted by Cryptolocker: Symantec

Security vendor finds the latest variant of the cryptomalware

Australian is increasingly being hit by cryptomalware, according to Symantec.

Symantec Pacific region technology senior director, Sean Kopelke, said malware such as Crytolocker continues to spread through email-based social engineering and affect Australian victims.

“When you look at Crytolocker, the most important thing from the hacker’s point of view is the success of getting people to open these up,” he said.

What Symantec found with previous versions of Cryptolocker is it needs to be focused on a particular region to succeed.

“They customise letters to make them looks as if they came from an Australian postal delivery company, energy supplier, or bank, so that’s why the crytomalware has become specific for Australia,” he said.

Fooling the gatekeeper

Kopelke has also seen clever tactics employed by cybercriminals to circumvent security to reach a user and get them to click on a link.

“When a malicious mail came through in the past, what a lot of security technologies would do is find the embedded URL and follow it through to the end,” he said.

“If it knows it is malicious, it will not allow that email to come through.”

However, hackers noticed their malware was being caught, so they started putting a capture form at the end that requiring the user to input text to make it go through.

The malicious servers would also be turned off at the other end, so when the security would scan the email and follow the link to the end, nothing malicious would be found at the end.

“The servers would be started in the morning, as that is when people would come to work, check their inbox and click the link in the email,” Kopelke said.

Same but different

Symantec’s research has found the Trojan.Cryptolocker.F family is the main type of cryptomalware affecting Australian victims.

With this variant, Kopelke said cybercriminals have changed the way they get through to systems.

“It is quite different to the old Cryptolocker, to the point where it is not the same as the original malware,” he said.

“The outcome is the same, where it encrypts data and demands a ransom, but the technologies and code is significantly different.”

Read more: Australian SMBs reliant on antivirus, unaware of APT: Trend Micro

Kopelke said even referring to it as a variant is a “stretch,” though admits cybercriminals have latched on to the word Crytolocker because the “brand recognition” from a hacker’s point of view is “quite strong.”

“If victims are caught by Cryptolocker and don’t have a good backup, attackers hope they will pay the ransom if they feel the likelihood of decrypting the data is low,” he said.

Because cybercriminals have tasted some success with crytpmalware in the Australian region, Kopelke expects them to continuing with this targeted focus.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags symantecsecurityCryptolockerencryptionmalwaredecryption


Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments