Cryptolocker 4 alert


New alert from our friends over at Trend Micro:

Two ransomware outbreaks are happening right now:
Australia Post and Cryptowall Attachment.

The spam (distributing Cryptowall 4) is using an obfuscated JavaScript attachment.
(Spam mails are already detected by the latest AS full pattern 2092).

The obfuscated JavaScript downloads malicious content from URLs such as:
hxxp://dertinyanl.com/img/script.php?tup1.jpg
hxxp://yalcingulten.com/dbsys.php

At present we have seen 85 fake Australia Post websites (the list is still growing):
hxxp://adventuredmc.com/JXZ9TMtUgiI/VvqyrjDo.php
hxxp://wilanowski.net/uUJTW/9oyONj.php
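As an added example (not part of this alert or of Trend Micro's material), the following Python script turns the defanged indicators listed above into bare hostnames and checks outbound proxy-log lines against them, which is the first thing a defender would do with such a list. The log format and the sample lines are assumptions constructed for the example.

```python
import re

# The four defanged URLs quoted in the alert above (hxxp:// instead of http://).
DEFANGED_IOCS = [
    "hxxp://dertinyanl.com/img/script.php?tup1.jpg",
    "hxxp://yalcingulten.com/dbsys.php",
    "hxxp://adventuredmc.com/JXZ9TMtUgiI/VvqyrjDo.php",
    "hxxp://wilanowski.net/uUJTW/9oyONj.php",
]

_HOST_RE = re.compile(r"https?://([^/:?#]+)")


def refang_host(ioc):
    """Convert a defanged URL (hxxp://, hxxps://, [.]) into a lowercase hostname."""
    url = (ioc.replace("hxxps://", "https://")
              .replace("hxxp://", "http://")
              .replace("[.]", "."))
    m = _HOST_RE.match(url)
    if not m:
        raise ValueError("not a URL indicator: %r" % ioc)
    return m.group(1).lower()


def blocked_hosts(iocs):
    """Set of hostnames to match against; hostnames compare case-insensitively."""
    return {refang_host(i) for i in iocs}


# Constructed sample proxy log (assumed format: timestamp client method url status).
# Note the uppercase hostname on the second line, which must still match.
SAMPLE_LOG = """\
2016-01-27T09:14:02Z 10.0.0.12 GET http://www.example.com/index.html 200
2016-01-27T09:14:05Z 10.0.0.12 GET http://DERTINYANL.com/img/script.php?tup1.jpg 200
2016-01-27T09:15:40Z 10.0.0.31 GET http://wilanowski.net/uUJTW/9oyONj.php 200
2016-01-27T09:16:01Z 10.0.0.31 POST https://mail.example.org/api 204
this line is malformed and is skipped
"""


def find_hits(log_text, hosts):
    """Return (client, host) pairs for every request to a host in the block list."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line: skip rather than crash
        client, url = parts[1], parts[3]
        m = _HOST_RE.match(url)
        if not m:
            continue
        host = m.group(1).lower()
        if host in hosts:
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    for client, host in find_hits(SAMPLE_LOG, blocked_hosts(DEFANGED_IOCS)):
        print("client %s contacted known-bad host %s" % (client, host))
```

A hit on a download host (the first two indicators) means an attachment has most likely already executed on that client, so it should be isolated; a hit on a fake Australia Post host means a user has visited the lure page and may have entered a Captcha, which is the first step of the infection chain described above. The list of fake sites is still growing, so treat the indicators here as a starting point rather than a complete block list.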

We advise users:

  • Not to enter Captcha codes to any postal tracking site
  • Not to open invoice / refund attachments from email (Cryptowall)

[Image: ransomware screen, 27-01-2016]

Be especially careful about anything purporting to be a parcel notification or Australia Post (use the phone to call Australia Post and confirm any such email).

tl;dr – Don’t open any attachments from suspicious emails. Australia Post doesn’t send notifications this way. If you believe you may be infected, turn off the computer and seek professional advice immediately.