High Volume Crypto Ransomware Attack disguised as Australia Post.

CBM Corporate / IT Blog / High Volume Crypto Ransomware Attack disguised as Australia Post.

CBM Corporate have successfully identified and blocked an email Crypto Ransomware run by cyber criminals impersonating Australia Post today.

This zero day outbreak is directing attacks at Australians alerting the email recipient of a supposed parcel that was delivered to their residence.

Warning: Whilst similar to previous attacks, over 90% of antivirus vendors we scanned this zero day against were not detecting malware on the compromised websites these emails linked to.

The email appears to originate from Australia post addressing the recipient directly (by first and last name) in the subject line, and in the email itself. One notable mistake the offenders have made is the poor grammar in the email subject, The courier did not redeem package” and the email body, “A mailman have not redeem”. 

The recipient is prompted to click the ‘request label’ button, in order to attain their ‘shipping label’ and pick up their package.

Once the button is clicked, the victim is redirected through one of the many domains the perpetrators have hijacked to use (which enables them to avoid having their IP blacklisted). The email recipient arrives on a landing page that is an exact replica of the Australia Post website.

By completing the captcha verification process on the page and clicking ‘Download Information’, a download box appears prompting the user to download ransomware disguised as tracking information.

Whilst malware attached to emails can be stopped effectively by email filters, these crypto ransomware emails indirectly deliver their malware via multi-tiered redirected URLs instead of sending the malware by attaching it to the email itself.

As a precaution, CBM Corporate urge you not to click links within emails that:

 

  • Are not addressed to you by name or have poor English when appearing to be from a reputable Australian company
  • Are from businesses that you were not expecting to hear from
  • Ask you to download any files, namely with a .exe file extension
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from
  • Are from businesses/individuals you were not expecting to hear from or that you aren’t 100% positive are from a trusted source

Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams.

Related Tags: Business IT Solutions Perth

If you have been infected please give the CBM IT Support line a call 9260 9048

Leave a Reply

Your email address will not be published. Required fields are marked *