Ransomware That Steals Email Accounts Is Spreading Through Fake Electricity Bills

Ransomware is spreading through emails posing as AGL electricity bills. As well as holding files to ransom, it installs keylogging software on compromised PCs in order to steal email account details. Attackers can then use those email accounts to spread the ransomware further. Here’s what you need to know.

The ransomware was detected by security vendor Check Point’s Incident Response Team. Dodgy emails purporting to be from electricity company AGL contain links that redirect users to a website where the ransomware is downloaded. It appears to be targeting Windows PCs only.

According to Check Point:

“The fake page looks realistic and contains a captcha that users need to complete. If a user tries to visit this page via a mobile device or Apple Mac it will give them an error message saying they need to access it from a Microsoft Windows computer. This results in a number of users forwarding it to their corporate e-mail.”

As a starting point for warding off this ransomware attack, the Check Point team recommends that organisations start inspecting HTTPS traffic and employ sandboxing that can hold and block the initial file. Companies should also use whitelisting and perform scrubbing on incoming documents, the team said.

