There has recently been an influx of crypto-ransomware spreading in Australia, similar to the spike in infections noted late last year in Europe, the Middle East, and Africa (EMEA). On further inspection, it seems likely that the attackers behind these individual incidents belong to the same group of cybercriminals: there’s similarity in their IP addresses.
Analysis shows the family-based pattern, which identified the TorrentLocker malware behind the attacks in Australia, was also identified in outbreaks that took place in Turkey, Italy, and France. TorrentLocker malware has been found to be configured for both Australia and countries in EMEA, and it also features similar payment pages for these countries. If a user isn’t located in a targeted country, the malware serves a generic English-language web page and makes the ransom demand in US dollars. The base price in Australia is $598 and comes with a warning that the price will double after four days.
Trend Micro and Smart Protection Network have provided data that shows the top spoofed sites and the countries in EMEA and Australia where they were most common. Typically the spoofed sites imitate postal services and government-related websites. Using this data, a search of related domains covering October to December of last year found that the sites were accessed an average of 1000 times or less per day. Australia topped the list of the most spoofed domains, while an Italian courier service and Internet provider websites were also among the top accessed domains.
Be Alert, Stay Protected
All of this information indicates that the same group could be active throughout multiple countries, meaning that it’s likely we’re seeing a massive global threat. The best way to stay protected as these crypto-ransomware attacks continue to spread is to know the threats and stay vigilant. Here are a few tips:
- Ignore suspicious messages and links
- Type in website URLs and go directly to the site
- Keep anti-virus software and firewalls up-to-date
- Stay ahead of evolving security threats
For more information on emerging threats and the best ways to keep your business IT systems and data protected, contact Remote Technology Services at firstname.lastname@example.org or speak to us directly by phone at (800) 478-8105.