infonews.co.nz

Australians Are Hit with One More AGL Scam Delivering the Torrentlocker Virus

Saturday 4 June 2016, 12:45AM

By John Viser


A huge phishing email campaign with connections to a crypto ransomware payload is hitting Australian email inboxes today in one huge wave.

This is the second AGL scam in two weeks. About a week ago, another fake AGL email spam campaign was circulating and delivering ransomware.

The current spam blast looks very similar to recent phishing emails impersonating many well-known brands like AusPost and AFP. These types of attacks seem to originate from the same group of hackers.

Image shows an example of the new AGL email that may have several variations:

The spam message looks like an official AGL letter advising clients about their monthly bill. The email is customized for each and every recipient and includes a link for the customer to click to view their electricity bill.

The fraudulent site also requires the visitor to enter a Captcha code. Once that is done, the webpage downloads a malicious file containing a JavaScript downloader. When executed, the downloader installs Torrentlocker from another remote server.

The web addresses that victims are pointed to, and that serve the malicious landing pages, are huge in number and differ greatly. A lot of them are actually compromised web servers.

Why is ransomware so dangerous?

When ransomware infects your computer, it locks and encrypts all files on local and mapped drives. The individual computer user or business may then be held to ransom. Criminals usually demand payment in Bitcoin for getting the files back and decrypted.

How to protect against ransomware viruses?

To be safe from the effects of ransomware, companies and individuals have to maintain regular backups of all their files and systems. These backups should be stored on a remote offline drive. If you have no backups, you have no choice but to pay the ransom, or you will lose your data forever.

To reduce the chance of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download something or click the links inside the email to get additional info.
  • Pretend to be from companies you know and trust, yet use language that is incorrect, contains mistakes, or includes words that are not appropriate for business letters.

If you are unsure about the message, call that person or company directly and find out whether that email is legitimate or not.

If not 100% sure, do not click any links, enable macros, or download any files contained in such emails.

The AGL company’s website has several tips on how phishing spam emails work.

It is recommended that you share these tips with your friends, relatives, and colleagues so that they are aware of the scam. By using a web security solution like MailGuard, you will reduce the chance of falling victim to such new malware variants getting into your system.