Watch Out For an Australia Post Email Scam with the “Locky” Virus Attached

CYBER-CRIMINALS have upped their game with a highly advanced new ransomware targeting Australians.

Security experts have discovered a virus called “Locky” in an Australia Post email scam, in which users receive an email with a seemingly legitimate attachment.

On top of this, the virus scans users’ basic personal information from their social media profiles, and that information is used in the email copy to convince the recipient that the message comes from an official source.

Once it has been downloaded and opened, the malware runs JavaScript code that freezes computer files and forces the user to cough up hundreds of dollars to unlock them.

The scam was discovered by an anti-virus company called MailGuard, which said hackers were using “highly advanced” technology to dupe tens of thousands of victims by scanning their social media profiles.

Skimming through an email like this, you can see how someone might assume it was legitimate:

[Image: Locky virus example email]

What happens next is the victims’ personal files become encrypted, and their names turn into a gibberish sequence of 32 numbers and characters followed by the .locky extension. The targeted operating system identifies these items as LOCKY files that cannot be opened no matter what software the user may resort to.

[Image: Locky virus example files]

In a nutshell, this means that the .locky file extension virus harnesses asymmetric cryptography to encrypt file contents and also employs a symmetric cipher to encode the filenames themselves.

[Image: Locky virus recover instructions text file]

As a result, the victim can neither open his or her pictures, documents and videos nor even determine which entry stands for which file on the hard drive. At that point, the extortionists recommend a ‘panacea’, which is claimed to be capable of decoding everything in exchange for a fee. It’s called the Locky Decrypter. In order to use this tool, the plagued person needs to visit a Tor gateway specified in the _Locky_recover_instructions.txt file and submit 0.5 BTC to a Bitcoin address indicated on the page. The use of The Onion Router technology and the payment workflow over cryptocurrency are the precautions that the offenders adopt to stay anonymous and get around law enforcement. Unfortunately, most of these exactors manage to stay on the loose and keep coining new breeds of ransomware.

[Image: Locky virus ransom note]

It’s not a good idea to pay the ransom and purchase the Locky Decrypter program. This is what the cybercriminals insist on, but it’s certainly not in any affected user’s interest.
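To see how far an infection has spread, the two indicators described above (the renamed files and the ransom note) can be searched for on disk. The following Python script is an added example, not from the original article or from MailGuard; it assumes the 32 characters are ASCII letters and digits, and the sample folder names and file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article: renamed files are 32 characters plus
# ".locky", and the ransom note is "_Locky_recover_instructions.txt".
# Assumption: the 32 characters are ASCII letters and digits.
LOCKY_NAME = re.compile(r"^[0-9A-Za-z]{32}\.locky$", re.IGNORECASE)
RANSOM_NOTE = "_locky_recover_instructions.txt"

def scan_tree(root):
    """Walk root and return {directory: {"encrypted": n, "note": bool}}
    for every directory that shows at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if LOCKY_NAME.match(name):
                hits[dirpath]["encrypted"] += 1
            elif name.lower() == RANSOM_NOTE:
                hits[dirpath]["note"] = True
    return dict(hits)

def summarize(hits):
    """Return (total renamed files, directories containing a ransom note)."""
    total = sum(h["encrypted"] for h in hits.values())
    noted = sorted(d for d, h in hits.items() if h["note"])
    return total, noted

def build_sample_tree(root):
    """Create a constructed sample tree (empty files, made-up names)."""
    sample = {
        "Documents": ["A1B2C3D4E5F60718293A4B5C6D7E8F90.locky",
                      "0F1E2D3C4B5A69788796A5B4C3D2E1F0.locky",
                      "_Locky_recover_instructions.txt", "budget.xlsx"],
        "Pictures": ["holiday.jpg", "short.locky"],
    }
    for folder, files in sample.items():
        os.makedirs(os.path.join(root, folder))
        for name in files:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, noted = summarize(scan_tree(tmp))
        print(f"{total} renamed file(s); ransom note in: {noted}")
```

Pointing `scan_tree` at a user profile or a mapped network share gives a per-folder count that helps decide which backups need to be restored.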

Over 39,000 Cases Of Cybercrime Reported In Australia Last Year

Online fraud and scams make up 49 per cent of reports according to The Australian Cybercrime Online Reporting Network (ACORN).

The Government launched the ACORN in November 2014 as an easy way for the public to report cybercrime. It is also used as a national intelligence database for authorities to use for identification and prosecution of criminals.

Online fraud and scams accounted for 19,232 of the reports received in 2015.

Online trading issues, which affect Australians who buy and sell goods online, were the second highest type of cybercrime reported; the ACORN received 8,368 reports, which account for 22 per cent of total reports in 2015.

Victoria received the highest number of cybercrime reports, closely followed by Queensland and New South Wales.

The majority of reported victims of cybercrime were between 20 and 40 years of age (40 per cent), followed by the 40-60 age group (38 per cent).

Over the past year, email, social networking, and website advertising have been the top three reported online channels used by cybercriminals to target their victims.

Many instances of cybercrime go unreported because victims either do not know where to report, don’t think it’s worth reporting, or are reluctant to do so. ACORN said in a statement that the service “allows cybercrime victims to easily and instantly report cases of criminal activity online, as well as providing information on how to avoid falling victim to cyber criminals.”

“As Australia’s reliance on technology grows, and online shopping remains an increasingly attractive option for busy Australians, the cost and incidence of cybercrime is expected to increase.”

Watch Out For Two New Scams Related To Windows 10

Windows 10 is making an unwanted name for itself in the scam department as malicious actors are using two different tactics in efforts to obtain information from unsuspecting users.

There are two primary vectors where a scammer/attacker could use the enthusiasm and discussions around Windows 10 to entice you to let your guard down.

Tech Support Calls

One scam that has been active for quite a while is the phone call that comes into your home claiming to be some type of tech support. Many times the callers will use Microsoft’s name to try and add some legitimacy to the call.

They then tell you that an alert about an issue with your computer was received on their end and that they can help resolve it. If you give them access to your machine, typically using TeamViewer software, they then show you errors on your system in order to convince you of the problem. Once you grant them control they could plant a piece of malware on your system and block your security software from detecting it.

Another thing they might try is to indicate they can help you get Windows 10 installed on your system, so you grant them control and you end up with malicious software instead of Windows 10.

They may at any time in this process attempt to collect fees for their assistance as well once they have your trust.

A variation: Cold calls attempting to help you reserve the Windows 10 upgrade for a fee or getting your permission to send an email that would contain malicious code/attachments.

Windows 10 Upgrade Email

Microsoft has sent out official emails to anyone who successfully reserved a copy of Windows 10 to let them know their place in line is safe and that they will soon be able to start the upgrade. It is believed millions of people were able to reserve the upgrade and are waiting for the download/upgrade process to begin.

The scammers will take advantage of this anticipation by sending a malicious file attached to what appears to be a very official-looking email and telling the recipient that opening it will begin the upgrade and/or download process.

That begins the attack on your system.

A variation: Instead of attaching a malicious file to the email they may send you an embedded link, indicating that the site will help you begin the upgrade process.

My Advice


The best cure for both of these is to know that Microsoft will not contact you over the phone about the Windows 10 Upgrade nor will they email you any type of executable file that will begin the process.

Currently the only legitimate methods to get Windows 10 onto your system are through the Get Windows 10 app, the small white Windows flag icon in the lower right corner of your computer screen, or to use the installation media creation tools Microsoft released last week.

Alternatively, you can contact me and I will assist you remotely to start the upgrade process.

Be vigilant and keep your security software up to date to provide yourself maximum protection against these and other malicious/phishing attacks.

What Is CryptoWall and How To Protect Your Systems

Viruses and malware infecting computers are a common occurrence these days, especially malware.

Such a target-rich environment is precisely what a majority of malware thrives in. The more targets, the greater the chance of a pay off (or destruction) — whatever the motivation behind the malware, more is viewed as better than less.

This is why viruses like CryptoWall (and its predecessor, the now defunct CryptoLocker) are poised to strike consumers and enterprises equally hard. With the internet as its distribution point, any and all Windows desktops that are not thoroughly protected will likely feel the pain of CryptoWall’s payload through either direct or indirect infection.