A strain of ransomware is spreading through emails posing as AGL electricity bills. Not only is it able to hold files to ransom, it also installs keylogging software on compromised PCs in order to steal email account details. Attackers can then use those email accounts to spread the ransomware further. Here's what you need to know.
The ransomware was detected by security vendor Check Point's Incident Response Team. Dodgy emails purporting to be from electricity company AGL contain links that redirect users to a website where the ransomware is downloaded. It appears to be targeting Windows PCs only.
According to Check Point:
"The fake page looks realistic and contains a captcha that users need to complete. If a user tries to visit this page via a mobile device or Apple Mac it will give them an error message saying they need to access it from a Microsoft Windows computer. This results in a number of users forwarding it to their corporate e-mail."
As a starting point to ward off this ransomware attack, the Check Point team recommends that organisations start inspecting HTTPS traffic and employ sandboxing that can hold and block the initial file. Companies should also use whitelisting and perform scrubbing on incoming documents, the team said.