CryptoLocker wannabe targets Australia Post and SDRO customers

Ransomware demands Bitcoin payments from victims

Australia Post and State Debt Recovery Office (SDRO) customers were targeted by a sophisticated series of ransomware attacks late in 2014.

The ransomware, known as TorrentLocker, infected victims through emails sent from fake Australia Post and SDRO addresses. After penetrating systems, the malware reportedly identified itself as CryptoLocker.

The report was based on data collected by the Trend Micro web reputation service (WRS) and smart protection network.

The attacks were analysed in conjunction with researchers from Deakin University. The resulting report detailed the nature and process of the attacks that began with a combination of email spam, web threats and malware.

Researchers focused on attacks that took place in November 2014. Victims were sent seemingly authentic emails from Australia Post or the SDRO, prompting them to click on a link.

The links then redirected users to spoof websites, where they were required to enter a CAPTCHA code to download what they were led to believe were official documents but which were in fact ransomware.

The report outlines the infection chain and demonstrates how the attacker used a variety of tricks at each step in the chain to prevent being identified.

After being downloaded, the software began encrypting files on users' machines. Upon penetrating a system, the malware identified itself as CryptoLocker in a clear attempt to capitalise on public knowledge of the now-famous malware. Users were then prompted to pay in Bitcoins to have their data restored.

Trend Micro Australia senior threat researcher, John Oliver, said the attacks represent a long-term trend in the security threat landscape.

“Ransomware has proven to be an effective way to infect someone and get money. I can’t see it going away at all. You are going to see ebbs and flows in the exact tactics used, but the trend will continue.”

“We have seen threats in Australia really grow since April 2014, peaking in September to December.”

Oliver said cyber criminals using this type of software are banking on the fact that victims will pay a fee (currently around $600) rather than deal with the inconvenience of encrypted files.

The report said Australians accessed 16.2 million websites in the month of November. The report said 10.5 per cent of Australian IP addresses were exposed to some form of web threat in the period.

The average percentage of malicious web hits was 0.22 per cent, roughly the same as that of Trend Micro's December 2013 report (0.21 per cent).

Oliver offered two key pieces of advice to users to defend against these types of security threats. The first is to back up files and have an effective automated backup solution. He also urged users to ensure they have strong passwords and an efficient way of managing them, such as through a password manager solution.
