ACSC issues AusPost, AFP ransomware warning

The Australian Cyber Security Centre has issued a warning to web users to be wary of a growing and evasive ransomware threat masquerading behind Australia Post and Australian Federal Police domains.

The government-run infosec authority said it had observed a “new wave” of emails carrying ransomware, most frequently claiming to be parcel collection alerts from Australia Post or infringement notices from the AFP, but with other false domains also identified.

It said the “significant campaign” appeared to be a revived version of pre-existing ransomware.

According to the centre, emails typically prompt the recipient to download an archive file (generally .zip, .rar and .7z) containing an executable program. Once executed, the ransomware encrypts information on the users’ computer and inside networked and shared drives until a ransom is paid.

Perpetrators of the campaign appear to be regularly changing the domain the emails are coming from, rendering domain blocking ineffective in the long term, the ACSC said.

It is asking organisations not to give into the cyber criminals’ demands to pay up the ransom, and to report incidents to law enforcement and hosting companies instead.

The centre has asked victims to spread the word about what to look for via the Scamwatch website run by the ACCC, or the Australian Cybercrime Online Reporting Network (ACORN).

It also echoed the Australian Signals Directorate’s plea to big business and government organisations to implement the ASD's ‘top four’ strategies for mitigating against cyber intrusions - particularly, in this case, application whitelisting.

Enterprises should also think about running internal education campaigns, the ACSC said.

“This training should include instruction on how users can report unusual or suspicious emails to their IT security team,” it said in its latest online bulletin.