CYBER-CRIMINALS have upped their game with a highly advanced new ransomware targeting Australians.
Security experts have discovered a virus called “Locky” in an Australia Post email scam, in which users receive an email with a seemingly legitimate attachment.
On top of this, the virus scans users’ basic personal information from their social media profiles, which is used in the copy to convince the recipient they’re an official source.
Once it has been downloaded and opened, the malware runs a JavaScript code that freezes computer files and forces the user to cough up hundreds of dollars to unlock them.
The scam was discovered by an anti-virus company called MailGuard, which said hackers were using “highly advanced” technology to dupe tens of thousands of victims by scanning their social media profiles.
Skimming through an email like this, you can see how someone might assume it was legitimate:
According to Avast, Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.
Disturbingly, they even discovered that some of the malicious files downloaded contained file path strings that included PC user names.
Security expert Paul Ducklin warned that the ransomware can also spread over associated local networks.
“It scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux,” Ducklin said on Sophos’ Naked Security blog.
“If you are logged in as a domain administrator and you get hit by ransomware, you could do very widespread damage indeed.”
HOW TO AVOID BEING SCAMMED
• First and foremost, do not open suspicious files (eg. .doc, .xls, and .zip files).
• If you have any suspicions about an email you’ve received from a company, source their number independently and call them directly. Do not rely on contact numbers provided in the email.
• Purchase a hard drive and frequently back up all your files. If your computer does get infected, you can restore factory settings and replace all your important files.
• Disable Microsoft Office macros by default.
• Don’t stay logged in as an administrator any longer than necessary, and avoid browsing or opening documents while you have admin rights.
Online Source
