ACSC Issues Warning About AFP and AusPost Ransomware

Itnews.com.au reported on 21st July, 2015 quoting a warning issued by The Australian Cyber Security Center (ACSC) to users of web to be careful about a rising and evasive ransomware threat posing as Australian Federal Police (AFP) and Australia Post domains.

Especially, the ACSC is an important initiative of Australian Government to ensure that networks of Australia are amongst the hardest in the world to compromise.

Infosec authority run by the government (referring to ACSC) said that it had observed a "new wave" of emails containing ransomware most frequently purporting to be alert notifications from Australia Post regarding collection of parcel or infringement emails from the AFP and identified these with other fake domains also.

It confirmed that the "significant campaign" looked to be a revived edition of pre-existing ransomware.

As per the center, emails normally prompt the recipient to download an archive file (generally .zip, .rar and .7z) enclosing an executable program. Once execute, the ransomware encrypts information on the computers of the user and inside networked and shared drives until a ransom is paid.

Itnews.com.au published a report on 21st July, 2015 quoting ACSC as saying "Perpetrators of the operation seem to be frequently changing the domains of the origin of emails making the blocking of domain futile in the long term."

It is requesting organizations not to give into the demands of cyber criminals and should not pay ransom amount and instead report such incidents to law enforcement and hosting bodies.

In the short period, big organizations which are affected can inform potential users by posting on their website and ScamWatch website of Australian Government.

The center has revealed many recommendations to reduce scams of the above kind. Some of them include: firstly, end users should be very careful while opening any links enclosed in emails even if they look to be from a genuine Australian government or business domain. Secondly, organizations should consider to run an education campaign for their staff regarding phishing emails in trying to increase awareness of users. This training should teach users on how to report about unusual or apprehensive emails to their Information Technology security team.

» SPAMfighter News - 8/3/2015