CryptoLocker wannabe targets Australia Post and SDRO customers

12.01.2015
Australia Post and State Debt Recovery Office (SDRO) customers were targeted by a sophisticated series of ransomware attacks late in 2014.

The ransomware, known as TorrentLocker, infected victims through emails sent from fake Australia Post and SDRO addresses. After penetrating systems, the malware reportedly identified itself as CryptoLocker.

The report was based on data collected by the Trend Micro web reputation service (WRS) and smart protection network.

The attacks were analysed in conjunction with researchers from Deakin University. The resulting report detailed the nature and process of the attacks that began with a combination of email spam, web threats and malware.

Researchers focused on attacks that took place in November 2014. Victims were sent seemingly authentic emails from Australia Post or the SDRO, prompting them to click on a link.

The links then redirected users to spoof websites where they were required to enter a CAPTCHA code to download what they were led to believe were official documents but were in fact ransomware.

The report outlines the infection chain and demonstrates how the attacker used a variety of tricks at each step in the chain to prevent being identified.

After being downloaded, the software began encrypting files on users machines. Upon penetrating a system, the malware identified itself as CryptoLocker in a clear attempt to capitalise on public knowledge of the now-famous malware. Users were then prompted to pay in Bitcoins to have their data restored.

Trend Micro Australia senior threat researcher, John Oliver, said the attacks represent a long-term trend in the security threat landscape.

Read more:Microsoft flags 800 per cent spike in crypto ransomware that demands $US1000

"Ransomware has proven to be an effective way to infect someone and get money. I can't see it going away at all. You are going to see ebbs and flows in the exact tactics used, but the trend will continue."

"We have seen threats in Australia really grow since April 2014, peaking in September to December."

Oliver said cyber criminals using this type of software are banking on the fact that victims will pay a fee (currently around $600) rather than deal with the inconvenience of encrypted files.

The report said Australians accessed 16.2 million websites in the month of November. The report said 10.5 per cent of Australian IP addresses were exposed to some form of web threat in the period.

The average percentage of malicious web hits was 0.22 per cent, roughly the same as that of Trend Micros' December 2013 report (0.21 per cent).

Oliver offered two key pieces of advice to users to defend against these types of security threats. The first is to backup files and have an effective automated backup solution. He also urged users to ensure they have have strong passwords and an efficient way of managing them, such as through a password manager solution.

Read More:

(www.arnnet.com.au)

Chris Player