Over the last week, we have noticed an increase in the distribution of a new CryptoLocker copycat virus.

 

This virus is transmitted through a fraudulent email that appears to be from the "Office of State Revenue" in NSW. The email states that the recipient has received a speeding fine and that the invoice can be downloaded and paid via the supplied link. NOTE: Do NOT click the link! The link redirects the user to a fraudulent website, which provides a link to download a very nasty CryptoLocker virus.

What it is.

This virus is particularly nasty as it will encrypt all of the data on your PC, thus making it unreadable unless you have the encryption key.

Encryption Key?

An encryption key is exactly what it sounds like: a key to access your files. The only problem is that once your files have been locked with this key, the key is uploaded to the internet where you cannot access it. The team (or person) behind the virus then offers you the key for a ransom, in this case AU$1000.

How do I get the virus?

This particular virus comes from a fraudulent email appearing to be from the "Office of State Revenue State Debt Recovery" (pictured below). Once the link in this email has been clicked, it will direct you to an infected WordPress site, which will in turn redirect you to a site that looks like a legitimate government site. From there it will request that you download the infringement invoice, and it even makes itself look more legitimate by asking you to fill in a captcha field.

[Images: screenshot of the fraudulent email; screenshot of the fake website]

What happens to my data?

Once the virus has been run on your PC, it will go through your data and encrypt specific file types. These are the most common file types, such as JPEG images, Word documents and Excel documents. This makes them inaccessible unless you have the encryption key. Once all of your data is encrypted, the virus displays a box on your screen with instructions on how to recover your files. At the moment we are unaware of whether these instructions will actually allow recovery of your data. The instructions simply request a payment via the Bitcoin network equaling AU$1000.

Is my data recoverable?

There are ways to recover your data once your files have been encrypted.

Data Backup

It is always a good idea to have a current backup of your data. This will ensure that if something goes wrong with your PC, whether it be a virus or a failed hard drive, your data is safe.

Windows 'Previous Versions' function

Your only hope for this to work is to turn your PC off immediately after getting the virus. Then remove the infection and try to recover your files. Note: This will only work if the functionality was enabled in the past, so that previous versions have been created.