ITS have warned of a recent increase in ‘Ransomware’ activity. This is a form of malware which encrypts the contents of your computer drives, and requires you to pay a ransom to get a key to unencrypt your data. I’ve put the text of the email below, but note that this is as much an issue for us with our home computers as it is on campus – probably more so in that the University does have backups. The summary: be very careful if you get any email about parcel deliveries and not just from Australian Post).
(ITS) has been aware of a run of Ransomware linking spam messages that claim to be from Australia Post.
The email message pretends that a parcel delivery was attempted but failed and that the recipient needs to provide details to allow for a follow up delivery.
The email sender has a prefix of info@ and a suffix of any of the following (eg. info@aust-post.com):
austp.net
austpst.org
austpst.net
austpst.com
aut.post.su
austpost.biz
auspost-tracking24.com (or biz, org, info, net)
auspost-tracking.com (or biz, org, info, net)
auspost-parcel.com (or biz, org, info, net)
auspost-delivery.com, auspost-delivery.net, auspost-delivery.org
aust-post.com (or biz, org, info, net)
aus-post.com, aus-post.info, aus-post.biz, aus-post.org
auspost.biz
au-post.com (or biz, org, info, net)
autpost.net
aut-post.info, aut-post.biz, aut-post.su
aust-post.net, aust-post.org
aust.su, aust.pw
delivery-service.net
postaust.com (or biz, org, info, net)
postaut.info, postaut.net
postaust.com
postconfirm.com, postconfirm.net
The Ransomware appears to be CryptoWall.
If a user clicks on the malicious links in the spam message, the malware will encrypt all the files they have access to.
The ransom amount appears to be from $600, doubling to $1200 if the dead line is not met.
