As you may be aware, Australia has been targeted with a number of sophisticated new CryptoLocker campaigns in which emails contain links to download alleged tracking numbers, power bills, or infringement notices from Australia Post, Origin Energy, and the NSW Office of State Revenue, respectively. These fake emails may lead to fake websites and downloads containing malicious executable files. Once executed, local and shared drive files are encrypted and held for ransom. Because certain variants perform the encryption from legitimate Windows processes into which they have injected code, even journaling and rollback remediation features may be bypassed.
Unfortunately, due to the highly variable nature of malware emergence, no security software can offer protection against 100% of threats in existence. But we at Webroot want to assure you that we are constantly working to protect against the newest variants as they appear. Currently, our threat and development teams are gathering the latest malware data and CryptoLocker variants.
As always, a preventive approach is key in these scenarios. In addition to endpoint security, we highly recommend the following steps:
• Review backup strategy for network and local critical files and ensure regular backups.
• Alert users to new malware campaigns immediately. These typically increase over the holiday season.
• Educate users about phishing emails and other social engineering tactics.
• Isolate infected endpoints from the network as soon as possible.
• Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email
• Prevent downloading executable or zipped attachments via HTTP/HTTPS connections.
• Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region.
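The attachment policy from the list above, blocking executable or zipped attachments from unknown senders, as an added example in Python (not Webroot's code). The sender allowlist, the extension list and the `.example` addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy values for this example; tune them to your environment.
KNOWN_SENDERS = {"billing@partner.example"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd")

def is_executable(name, data):
    # Extension match, or the PE "MZ" magic so a renamed .exe is still caught.
    return name.lower().endswith(EXEC_EXT) or data[:2] == b"MZ"

def is_zip(name, data):
    # Extension match, or the ZIP local-file-header magic.
    return name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04"

def blocked_attachments(raw_message, known_senders=KNOWN_SENDERS):
    """Return the reasons to quarantine a message; an empty list means deliver."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    # The From header is unauthenticated; a production gateway should key the
    # allowlist on an SPF/DKIM/DMARC-verified identity instead.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in known_senders:
        return []
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            reasons.append(f"executable attachment: {name}")
        elif is_zip(name, data):
            reasons.append(f"zipped attachment: {name}")
    return reasons

def build_sample(sender, filename, data):
    # Constructed message for the demo, not a real campaign sample.
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@corp.example"
    m["Subject"] = "Your tracking number"
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Courier <notice@unknown.example>", "tracking.pdf", b"MZ\x90\x00")
    print(blocked_attachments(raw))
```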