
RANSOMWARE WARNING: Australia Post

Ransomware: a type of malicious software designed to block access to a computer system (or its files) until a sum of money is paid.

We had a client fall victim this week to Australia's most prolific phishing email scam, the fake Australia Post delivery notice, so we thought it timely to send out a warning to all our readers.

While there are too many to list, the Australia Post Delivery Service hoax email is among the top 3 phishing emails doing the rounds. (Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, and sometimes indirectly money, by masquerading as a trustworthy entity in an electronic communication; here the "trustworthy entity" is Australia Post.) Unfortunately for our client, they WERE indeed expecting an international parcel and so didn't for a second suspect this email.

The email was opened in the browser from a Hotmail account, and the next morning they started their day with a RANSOM note advising that ALL their files were encrypted and that they must pay $300 to get them back.

This was no idle threat. The files were indeed all encrypted (e.g. yourfile.doc was now yourfile.doc.enc). They could not open a single file, and a message about the encryption kept popping up on screen. This particular strain of ransomware is known as Crypt0l0ck (that is the name of the malware, not of an encryption algorithm); it uses strong encryption that is, for all practical purposes, impossible to break without the attacker's decryption key. Furthermore, there is absolutely NO guarantee that if you pay the $300 you will get your files back, NOR that the criminals won't keep sending you such phishing emails in future.

SO WHAT DO YOU DO IF THIS HAPPENS TO YOU?

  • Firstly, disconnect your infected PC(s) from the network immediately (pull the cable or switch off Wi-Fi) to avoid spreading the infection: the malware encrypts every drive and share it can reach, not just the local C drive.
  • If your network storage (NAS) is infected, disconnect that also.
  • You will then need to either clean your PC, OR wipe, reformat and start over, then restore your latest clean backup (which is what 90% of people do).
  • It is however possible to clean the infection (as we did for our client in question). To do this, you need three up-to-date applications:
      • Software to remove the unwanted application (e.g. RogueKiller, or on Windows 10 the built-in Defender). These programs call such software PUPs (Potentially Unwanted Programs).
      • Malwarebytes (the free version will do the trick).
      • An updated anti-virus (which you should already have, we hope!).

Essentially, you need to:

  1. Boot Windows into Safe Mode. On Windows 7, reboot and press F8; on Windows 8 and 10 the F8 menu is disabled by default, so run msconfig from the Start search bar, tick "Safe boot" on the Boot tab and reboot (untick it again when you are done). Safe Mode keeps most malware from auto-starting, which is why the cleanup is done there.
  2. Then run the removal tool (e.g. RogueKiller) to remove any PUPs.
  3. Once cleaned, run Malwarebytes, which will scan for and remove any malware on your computer.
  4. Deal with the .enc files (there will be MANY). Go to your C drive in My Computer (This PC), type *.enc into the search window and remove every file found. Repeat for the other (non-C) drives as well. One caveat: if any folder has no backup, do not delete its .enc files; move them out of the way instead. A free decryptor for a given strain is sometimes published later, and without either the encrypted copy or a backup those files are gone for good.
  5. If you have a NAS (network storage unit) that was infected, the best option is to reformat it (or reset to factory defaults) and restore its contents from backup, as NAS units are critical to your business moving forward.
  6. Once you have completed the above, restart Windows in normal mode. You should no longer see the threatening message and all should appear normal.
  7. NOTE: You will most likely lose your email inbox (.pst) files, and other applications MAY not start. In that case you need to set them up again.
  8. The above process is time-consuming, and you may prefer to have the experts do it for you (like us, here at ZIS). However, if you do it yourself, with some patience you should get through the process.
  9. Final step: restore from your last known CLEAN backup, i.e. one taken before the infection, not one that already contains .enc files.
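The .enc cleanup in step 4, as an added example that is not part of the original post: a PowerShell script that finds every file carrying the ransomware's extension on every fixed drive, moves it into a quarantine folder instead of deleting it, and writes a CSV manifest of the original file names so you know exactly what to restore from backup. The extension .enc comes from the post; the quarantine folder C:\RansomQuarantine, the -ListOnly switch and the script itself are our own and assumed, not something the malware or any vendor tool provides.

```powershell
<#
 Added example (not from the original post). Quarantine every file carrying the
 ransomware's extension on all fixed drives instead of deleting it, and write a
 manifest of original paths to drive the restore. Assumptions: the malware
 appended ".enc" to each file (as in the post); C:\RansomQuarantine is a
 hypothetical quarantine folder. Run as Administrator, in Safe Mode, AFTER the
 malware itself has been removed, otherwise it may keep encrypting as you go.
#>
param(
    [string]$Extension  = '.enc',
    [string]$Quarantine = 'C:\RansomQuarantine',
    [switch]$ListOnly                        # inventory only, move nothing
)

# DriveType 3 = local fixed disk. USB and mapped network drives are skipped on
# purpose: the NAS is handled separately, as the post says.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
          Select-Object -ExpandProperty DeviceID              # 'C:', 'D:', ...

$manifest = foreach ($drive in $drives) {
    # -Force also lists hidden/system files; SilentlyContinue skips folders the
    # account cannot read instead of aborting the whole scan. The extra
    # extension check matters because the Windows "*.enc" wildcard can also
    # match short (8.3) names such as .encrypted.
    Get-ChildItem -Path "$drive\" -Filter "*$Extension" -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $Extension -and
                       -not $_.FullName.StartsWith($Quarantine, 'OrdinalIgnoreCase') } |
        ForEach-Object {
            # Strip the appended extension to get the name the backup will have.
            $original = $_.FullName.Substring(0, $_.FullName.Length - $Extension.Length)
            [pscustomobject]@{
                Drive     = $drive
                Encrypted = $_.FullName
                Original  = $original
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Modified  = $_.LastWriteTime      # when the encryption ran
            }
        }
}

if (-not $ListOnly) {
    foreach ($m in $manifest) {
        # Mirror the path under the quarantine root, so
        # D:\Shares\Docs\a.doc.enc -> C:\RansomQuarantine\D\Shares\Docs\a.doc.enc
        $dest = Join-Path $Quarantine ($m.Encrypted -replace '^([A-Za-z]):\\', '$1\')
        New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null
        Move-Item -LiteralPath $m.Encrypted -Destination $dest -Force
    }
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    $manifest | Export-Csv -Path (Join-Path $Quarantine 'manifest.csv') -NoTypeInformation
}

# Counts per drive and the hardest-hit folders: this is the restore checklist.
$manifest | Group-Object Drive |
    ForEach-Object { '{0,-3} {1,8} encrypted files' -f $_.Name, $_.Count }
$manifest | Group-Object { Split-Path $_.Encrypted -Parent } |
    Sort-Object Count -Descending | Select-Object -First 15 Count, Name |
    Format-Table -AutoSize

# First and last timestamps bracket the attack window, which tells you which
# backup is the last clean one.
$byTime = @($manifest | Sort-Object Modified)
if ($byTime.Count) {
    'Encryption ran from {0} to {1}' -f $byTime[0].Modified, $byTime[-1].Modified
}
```

Run it first with -ListOnly to see the counts without touching anything, then without the switch once you are happy. Moving rather than deleting costs only disk space, and the manifest's Original column is the list of paths to pull back from backup; the attack window at the end is what you compare against your backup dates.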

HOW DO I AVOID BEING INFECTED IN THE FIRST PLACE?

Always ensure you have the latest anti-virus application running, with current definitions. Many these days include anti-malware protection also; if yours doesn't, download and install Malwarebytes on your computers. You can use the FREE version, however the PRO version runs quietly in the background and monitors 24/7, whereas the free version you essentially need to start manually. Bear in mind that anti-virus only catches what it already recognises, so treat it as one layer rather than the whole defence: be suspicious of any unexpected delivery notice, even when you are expecting a parcel, and check a tracking number by typing it into the Australia Post website yourself rather than clicking a link in the email.

Always ensure you have safe copies of your backups, ideally off-site, and at least one copy that is not permanently connected to your PCs or network (an unplugged external drive, or a backup service that keeps previous versions). A backup drive that is always plugged in is just another drive for the malware to encrypt.

Note: The CLOUD is NOT immune to these infections. Cloud storage that syncs to a folder on your PC, or is mapped as a drive, is essentially an extension of your storage, so the malware doesn't differentiate between the C drive and it, and the encrypted files get synced up like any other change. Backups stored in the cloud usually survive, because these malware programs go after specific file types (.doc, .xls and so forth) and most professional backup software uses its own file format and extension. Do not rely on that alone, however: it only holds until a strain that encrypts every file comes along. What really protects a backup is that the infected PC cannot overwrite or delete it, so prefer cloud storage or a backup service that keeps previous versions, and keep the backup credentials off the PC.
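The point above, and step 1 of the cleanup (disconnect immediately), lead naturally to a small automated check. What follows is an added example, not part of the original post and not a feature of any product mentioned here: a PowerShell "tripwire" that watches a mapped NAS share for the ransomware's extension appearing, or for a decoy document nobody should ever touch being altered, and on the first hit disconnects every mapped drive so the encryption cannot keep spreading to the NAS. The drive letter Z:, the decoy path Z:\_DO_NOT_OPEN\canary.docx and the log file C:\ransom-tripwire.log are hypothetical; the .enc extension is from the post.

```powershell
<#
 Added example (not from the original post). A tripwire for a mapped NAS share:
 the moment a file with the ransomware's extension appears on the share, or a
 decoy document nobody should ever touch is modified, every mapped drive is
 disconnected so the encryption cannot keep spreading to the NAS. It limits
 damage after the first hit; it does not prevent the first hit.
 Assumptions (hypothetical): the share is mapped as Z:, the malware appends
 ".enc" (as in the post), the decoy lives in Z:\_DO_NOT_OPEN\canary.docx,
 and the log goes to C:\ransom-tripwire.log (local, so it survives when Z:
 is cut). Run in an elevated PowerShell and leave the window open.
#>
$cfg = @{
    Share     = 'Z:\'
    Ext       = '.enc'
    CanaryDir = 'Z:\_DO_NOT_OPEN'
    Canary    = 'Z:\_DO_NOT_OPEN\canary.docx'
    Log       = 'C:\ransom-tripwire.log'
}

# Create the decoy once. Content is irrelevant: the malware picks files by extension.
if (-not (Test-Path -LiteralPath $cfg.Canary)) {
    New-Item -ItemType Directory -Path $cfg.CanaryDir -Force | Out-Null
    Set-Content -LiteralPath $cfg.Canary -Value 'decoy document, do not edit'
}
$cfg.CanaryHash = (Get-FileHash -LiteralPath $cfg.Canary -Algorithm SHA256).Hash
$global:RansomTripped = $false

# Event actions run in their own scope, so the config is passed as MessageData
# rather than read from script variables.
$onEvent = {
    $c    = $Event.MessageData
    $path = $Event.SourceEventArgs.FullPath
    $kind = $Event.SourceEventArgs.ChangeType
    $why  = $null

    if ([System.IO.Path]::GetExtension($path) -ieq $c.Ext) {
        $why = "encrypted file appeared: $path ($kind)"
    }
    elseif ($path -like ($c.CanaryDir + '\*')) {
        # Re-hash rather than trusting the event alone: a read by a thumbnailer
        # or indexer can raise Changed without altering the file.
        $now = if (Test-Path -LiteralPath $c.Canary) {
                   (Get-FileHash -LiteralPath $c.Canary -Algorithm SHA256).Hash
               } else { 'MISSING' }
        if ($now -ne $c.CanaryHash) { $why = "canary altered: $path ($kind)" }
    }
    if (-not $why -or $global:RansomTripped) { return }
    $global:RansomTripped = $true

    $stamp = Get-Date -Format s
    Add-Content -Path $c.Log -Value "$stamp TRIPWIRE $why"
    Write-Host "$stamp TRIPWIRE $why"      # Write-Host reaches the console from inside an action
    # The post's step 1, automated: drop every mapped drive immediately.
    Get-CimInstance -ClassName Win32_NetworkConnection | ForEach-Object {
        Add-Content -Path $c.Log -Value "$stamp disconnecting $($_.LocalName) ($($_.RemoteName))"
        net use $_.LocalName /delete /y | Out-Null
    }
    # More drastic alternative if the PC itself is the infected one:
    # Disable-NetAdapter -Name '*' -Confirm:$false
}

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path                  = $cfg.Share
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter          = [System.IO.NotifyFilters]'FileName, LastWrite'
$watcher.EnableRaisingEvents   = $true

foreach ($name in 'Created', 'Changed', 'Renamed', 'Deleted') {
    Register-ObjectEvent -InputObject $watcher -EventName $name `
        -SourceIdentifier "tripwire.$name" -Action $onEvent -MessageData $cfg | Out-Null
}

Add-Content -Path $cfg.Log -Value "$(Get-Date -Format s) tripwire armed on $($cfg.Share)"
while (-not $global:RansomTripped) { Start-Sleep -Seconds 1 }   # actions fire during the sleep
$watcher.EnableRaisingEvents = $false
Get-EventSubscriber | Where-Object SourceIdentifier -like 'tripwire.*' | Unregister-Event
```

Two design notes. The decoy is checked by hash rather than by the event alone because FileSystemWatcher can coalesce or drop events over SMB under heavy load, and a file read can raise a Changed event without any write. And the script only cuts the mappings on the PC it runs on: it buys time for the share, it does not clean anything, so the cleanup steps above still apply once it fires.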

Finally, never leave your computers on overnight unattended unless you have to (for some reason): an infection that starts in the evening has the whole night to encrypt everything it can reach, including the NAS, before anyone notices.

If anyone reading this post encounters such an issue, please feel free to contact ZIS, who will be more than happy to come out and resolve this for you.
