CryptoLocker-like Ransomware in the Wild in Australia

A new piece of malware that appears to be part of the notorious CryptoLocker ransomware is currently operating in Australia. CryptoLocker is ransomware that locks files once it has infiltrated a computer. Once the files are locked, the crooks contact the victims for a ransom, which is where the name of the malware comes from.

Many Australian citizens have complained that they have recently been receiving emails that appear to be from their Office of State Revenue regarding speeding tickets. The emails contain attachments infected with the ransomware.
Although the ransomware appears to be part of the CryptoLocker malware, after a code look-up analysts have found that it is just an imitator.

This does not diminish the risk, though, as the ransomware is still capable of locking files when started on a computer. Right after the files are locked, a message appears demanding a ransom.
Security experts from Barracuda Labs, a worldwide research and security analysis company, stated on Wednesday that the detection rate of the malware was very low. When it was tested against 54 antivirus engines, only one flagged it as a threat. In a blog post on their website on Thursday, the security experts showed a sample of the email that spreads the ransomware. The email contains two links, one claiming to lead to the victim’s invoice for the speeding ticket, the other to the protocol from the act. Both of them lead to the malware.

Both the email and the software look quite legitimate and can potentially cause a lot of damage to people who open the links. In addition, the crooks have added a “Captcha” gate to the email, leading the victims to believe it is legitimate.

Users can protect themselves against such ransomware through regular backups of their files. This will enable them to restore the data in case of infection.