31 March 2015

You are advised to be wary of unsolicited emails purporting to attach resumes from potential job candidates. Malicious individuals are using these emails to deliver the CryptoWall 3.0 ransomware that can encrypt your files and require you to submit payment for the key to decrypt them.

The malicious emails come from a variety of addresses. The email subject is typically ‘[first and last names of purported sender] – My resume’.

The email body generally reads: ‘Hi, my name is [first and last names of purported sender]. I am herewith submitting my Resume under attachment for your perusal.

‘Thank you, [first name of purported sender here].

‘Attachment: [first and last names of purported sender] – My Resume.zip.’ 

A screenshot of a sample email is attached below.

The attachment is a .zip file that contains a single file named [first and last names of purported sender] MyResume.js. If a recipient of this email clicks on the .js (JavaScript) file, it attempts to contact a list of servers and download .jpg files containing malicious executables that try to install the CryptoWall 3.0 ransomware.

The attack appears to be targeting Australian companies, and researchers indicate a new campaign may have been released on Tuesday last week.

When a user’s computer is infected with CryptoWall, the ransomware encrypts a range of file types with a strong encryption key. CryptoWall then typically displays a page to the user advising them their files have been encrypted and that they need to pay a ransom for the key to decrypt them. The message may also include a link to a website to make payment. 

It is important to note that for many victims, paying the ransom may lead to files being returned to normal. However, because you are dealing with criminals, you should be aware this is extortion and there are no guarantees you will regain access to your data. 

The criminals may not respond, they may increase their demands or they may attack you again. Unless you take preventative action, your computer will still have the same vulnerability that caused it to become infected in the first instance.

Staying safe 

Prevention is the best antidote to ransomware and other malware attacks.

Use spam filters and be cautious when opening emails, especially if there are attachments.

Make sure you are using a reputable security product.

Make sure it is up-to-date and switched on.

Make sure your operating system and applications are up-to-date.

Run a full scan of your computer—regularly.

Set and use strong and unique passwords.

Set passwords on all your hardware devices (modems and routers).                

Back up your data.

Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.

Only visit reputable websites and online services.

Most up-to-date security software should identify and block ransomware. 

Recovery

The major problem with encryption-based ransomware is that once your computer has become infected, the only way to recover your files is from a clean backup (if the backup has not also been encrypted) or by receiving the encryption key from the scammers.

If you have a clean backup of your data, you can use this to restore your files once you have re-established your system, free of infection.

You can also keep a copy of the encrypted files in case future events make decryption possible. Authorities may take down these ransomware gangs in the future and it might become possible to obtain the encryption key for your data.

More information

How to set automatic updates on your computer.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.

Feedback

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

Disclaimer

This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
