Australian Vintage Radio Forums

General Discussion


 Be extra careful about email attachments. CryptoLocker Virus can wipe you out!
Post #: 1 · Written at 9:01:20 PM on 29 September 2015.
GTC
 Location: Sydney, NSW
 Member since 28 January 2011
 Member #: 823
 Postcount: 6686

Some may feel that it goes without saying that you should be extremely careful about opening email attachments from unknown senders, but I feel that it cannot be said often enough.

Here's a case in point: One of my neighbours in the business park received an email notification purportedly from Australia Post advising of items to be collected from the local post office. As he, like me, subscribes to AusPost email notifications associated with his PO box, he went ahead and opened the attachment, and boom! ... his PC was instantly infected with the vicious CryptoLocker virus.

In case you don't know, this virus encrypts various types of files (Word, Excel, CAD, etc) such that they cannot be accessed unless the target hands over US$300 via Bitcoin to receive the unlock key. The encryption used is a 2048-bit RSA key pair so it's as tough as it gets outside of the military.

My neighbour handed his PC to a virus removal company who removed the virus but they could not retrieve his encrypted files. He reluctantly decided that he would pay the ransom to get his business files back but the virus removal company removed the very program he needs to perform the payment transaction.

Because he does not back-up his PC regularly there's no way he can recover his files. So now he's in deep doo doo. As you might imagine, he is very stressed out.

He realises his mistakes in (a) not backing up and (b) opening an attachment, but it's easy to be wise after the event.

DON'T LET THIS HAPPEN TO YOU!


Further information here:

http://www.abc.net.au/news/2015-08-09/australians-paying-thousands-after-ransomware-virus-infection/6683618

https://en.wikipedia.org/wiki/CryptoLocker


 
Post #: 2 · Written at 7:03:14 PM on 30 September 2015.
Simplex
 Location: Bathurst, NSW
 Member since 7 August 2008
 Member #: 336
 Postcount: 391

Ransomware is running around, have seen comments on other forums.

Pays to keep regular backups of everything or else as your friend found out everything can be lost.

Apparently the encryption is so tough no one knows how to recover the affected files.


 
Post #: 3 · Written at 7:19:17 PM on 30 September 2015.
Brad
 Administrator
 Location: Naremburn, NSW
 Member since 15 November 2005
 Member #: 1
 Postcount: 7300

As a general rule I don't open anything that I didn't send for. It is automatically deleted without being opened if it even smells like being a malicious message.

My mail server is set to delete any message with a URL embedded in it that doesn't reside in the .au namespace. This alone is a safe bet that phishing/malware/ransomware e-mails can't get through because of the restricted nature of the .au namespace. Domain licences cost more for a start. Also, as licensees have to be a corporate, government or charitable entity the chance of a .au domain being used for an untrustworthy purpose is fairly remote. My mail server has a whitelist which allows through foreign or global domains of my choosing and this only occurs for anything I subscribe to.

Recent malicious e-mails have included those purporting to be from the major banks, the Australian Federal Police and Australia Post. Those from the AFP have had infringement notices attached but those in the know will remember that the Federal Police doesn't issue speeding fines with the exception of the ACT Policing branch and even then only in the Australian Capital Territory and not normally via e-mail.

E-mail operates using some of the oldest communications protocols on the Internet and they are so old now that they pre-date the so-called Information Superhighway by years. These protocols are relatively insecure because they were developed at a time when e-mail was used only for personal communications. Because of the popularity of e-mail, it is too costly and cumbersome to develop a more secure mail system and this is why no-one has bothered. Instead, extra security is bolted on to this ancient but reliable system. People still have to play their part though and use some common sense.

On the subject of backing up, the necessity for this depends on what one uses their machine for. If it is just used for browsing the WWW and reading e-mail from a web-based mail service then backing up is not critical as the data you are accessing is stored elsewhere and backed up by others. If you are using a computer for work, producing documents or maintaining databases, etc then yes, backing up that data and documents is definitely necessary.

The more critical the items on a computer are the more care needs to be taken. It all escalates on a sliding scale. For example, the data and the files on this web server are backed up automatically every night at a time when concurrent visitor numbers aren't very high. Every day's backup is stored in a different directory so nothing gets overwritten. Once a week a DVD backup is also done, just in case the hard disc on the backup server drops its Jatz Crackers. In a situation like a website, it is essential to have at least two lines of defence. I've doubled that for the web server - a total loss of this site at this point in time cannot be entertained.

Three years ago the host server crapped its Reg Grundies and a backup regime similar to that above ensured that no data at all was lost.


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...
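The nightly backup scheme described above (one directory per day so nothing gets overwritten, plus a second line of defence) is the part of this thread that actually protects against a cryptovirus, since a file that is encrypted on the live machine is still intact in yesterday's snapshot. The following is an added example, not the forum's or Brad's own script; the directory naming (`backup-YYYY-MM-DD`), the retention policy and the sample "accounts.xls" file are all constructed for the demonstration. It copies a live tree into a dated directory, refuses to overwrite an existing snapshot, prunes old ones, and then shows that damaging the live copy leaves the earlier snapshot readable.

```python
import os
import shutil
import tempfile
from datetime import date, timedelta

PREFIX = "backup-"  # constructed naming scheme; the site's real layout is not on the page


def backup_dir_name(day):
    """Per-day snapshot directory name, e.g. backup-2015-10-01."""
    return PREFIX + day.isoformat()


def snapshot(source, backup_root, day):
    """Copy the live tree into its own dated directory under backup_root.

    Refusing to overwrite an existing snapshot is the point of the
    one-directory-per-day scheme: a re-run, or a later copy of files that
    ransomware has already encrypted, can never clobber an earlier good copy.
    """
    dest = os.path.join(backup_root, backup_dir_name(day))
    if os.path.exists(dest):
        raise FileExistsError("snapshot already exists: " + dest)
    shutil.copytree(source, dest)
    return dest


def prune(backup_root, keep_days, today):
    """Delete snapshots older than keep_days; returns the names removed."""
    cutoff = today - timedelta(days=keep_days)
    removed = []
    for name in sorted(os.listdir(backup_root)):
        if not name.startswith(PREFIX):
            continue
        day = date.fromisoformat(name[len(PREFIX):])
        if day < cutoff:
            shutil.rmtree(os.path.join(backup_root, name))
            removed.append(name)
    return removed


def demo():
    """Constructed scenario: three nightly runs, then the live file is
    overwritten (standing in for encryption) and the first snapshot is read back."""
    root = tempfile.mkdtemp()
    live = os.path.join(root, "live")
    backups = os.path.join(root, "backups")
    os.makedirs(live)
    os.makedirs(backups)
    live_file = os.path.join(live, "accounts.xls")
    with open(live_file, "w") as f:
        f.write("ledger v1")

    first_night = date(2015, 10, 1)
    for i in range(3):
        snapshot(live, backups, first_night + timedelta(days=i))

    # The live copy is now damaged; the dated snapshots are untouched.
    with open(live_file, "w") as f:
        f.write("ENCRYPTED")
    with open(os.path.join(backups, backup_dir_name(first_night), "accounts.xls")) as f:
        recovered = f.read()

    # A second run on the same night must not replace that night's copy.
    try:
        snapshot(live, backups, first_night + timedelta(days=2))
        overwrite_blocked = False
    except FileExistsError:
        overwrite_blocked = True

    removed = prune(backups, keep_days=1, today=first_night + timedelta(days=2))
    remaining = sorted(os.listdir(backups))
    shutil.rmtree(root)
    return {
        "recovered": recovered,
        "overwrite_blocked": overwrite_blocked,
        "removed": removed,
        "remaining": remaining,
    }


if __name__ == "__main__":
    print(demo())
```

The weekly DVD mentioned in the post is the offline second line: a snapshot directory on a server that the infected machine can write to is only as safe as that server, so the copy that cannot be reached over the network is the one that matters most.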

 
Post #: 4 · Written at 12:23:08 AM on 1 October 2015.
GTC
 Location: Sydney, NSW
 Member since 28 January 2011
 Member #: 823
 Postcount: 6686

Apparently the encryption is so tough no one knows how to recover the affected files.

Agencies such as the CIA would probably have access to the resources to recover affected files if necessary. Individuals are toast without the decryption key.


 
Post #: 5 · Written at 2:22:06 AM on 1 October 2015.
Wa2ise
 Location: Oradell, US
 Member since 2 April 2010
 Member #: 643
 Postcount: 830

It's a good move to not trust attachments in emails, even from known people (I've had my email account hacked by spammers). In my address list, I have my own email listed along with friends'. So if I see spam from my own email account, then I know it's time to change my password.
My ISP does some prefiltering, and I have virus software on my PCs. If say paypal, or my bank or such says I need to respond or else via a supplied link, I won't. Or I go to their sites completely independently of the email message. And occasionally I get emails from banks where I don't have accounts...


 
Post #: 6 · Written at 12:45:50 PM on 1 October 2015.
GTC
 Location: Sydney, NSW
 Member since 28 January 2011
 Member #: 823
 Postcount: 6686

occasionally I get emails from banks where I don't have accounts...

Was a time when I was receiving "phishing" emails like that at least once a week. PayPal and most of our banks have an email address for forwarding suspect emails to and that's where I send them before deleting them unopened.


 
Post #: 7 · Written at 6:59:00 PM on 1 October 2015.
Marcc
 Location: Wangaratta, VIC
 Member since 21 February 2009
 Member #: 438
 Postcount: 5254

Of course this is like RFI Generating & Dodgy electrical stuff. All we seem to have is a reporting service & statutory authorities that sit back, take no ownership & do naught about it.

Here is actually an opportunity for a government claiming to be cash strapped, to do some cost saving by getting rid of the non-performers.

Marc


 
Post #: 8 · Written at 7:57:00 AM on 3 October 2015.
Robbbert
 Location: Hill Top, NSW
 Member since 18 September 2015
 Member #: 1801
 Postcount: 2012

I've seen a PC that was infected by the AFP virus. The only solution was to wipe it and start over.

Agencies such as the CIA would probably have access to the resources to recover affected files if necessary.

You probably mean the NSA, who have machines capable of decrypting anything. But most people also have stuff they'd rather keep private. In the end, face it, it's gone.


 
Post #: 9 · Written at 8:42:36 AM on 3 October 2015.
Brad
 Administrator
 Location: Naremburn, NSW
 Member since 15 November 2005
 Member #: 1
 Postcount: 7300

This e-mail is believed to send people's computers to a similar fate. Screenshot below from my mobile phone.

[Screenshot: spam e-mail]


The language and terms used in the sentences is usually a giveaway. Australia Post doesn't normally use terms such as "shipping" or "mailman" in their correspondence and they do not charge recipients for items that are not delivered.

If you get this one, just bin it.


‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...
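Two filtering rules appear in this thread: the mail-server rule in post #3 (drop any message carrying a URL outside the .au namespace unless the domain is on a subscription whitelist) and the wording giveaway in post #9 ("shipping", "mailman", charging for undelivered items). The following is an added example that combines both, not the forum's or Brad's own filter; the whitelist domain `example.com`, the extra lure word "fee", the `triage` verdicts and the four sample messages are all constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Hypothetical whitelist of non-.au domains the mailbox owner subscribes to
# (Brad's real list is not on the page). A listed domain also admits its subdomains.
WHITELIST = {"example.com"}

# Wording Brad flags as out of character for Australia Post ("shipping",
# "mailman"); "fee" is added here for the "charge for undelivered items" lure.
LURE_TERMS = ("shipping", "mailman", "fee")


def hostnames(text):
    """Hostnames of every http(s) URL in the message body, lower-cased."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def host_allowed(host, whitelist=WHITELIST):
    """True if the host is in the .au namespace or covered by the whitelist."""
    if host.endswith(".au"):
        return True
    return any(host == d or host.endswith("." + d) for d in whitelist)


def lure_terms_found(text):
    """Whole-word matches of the lure vocabulary, in LURE_TERMS order."""
    lowered = text.lower()
    return [t for t in LURE_TERMS if re.search(r"\b" + re.escape(t) + r"\b", lowered)]


def triage(text, whitelist=WHITELIST):
    """Apply the namespace rule first, then the wording heuristic.

    delete     -> a URL points outside .au and is not whitelisted
    quarantine -> URLs (if any) pass but the wording looks like a lure
    accept     -> neither rule fires
    """
    bad_hosts = [h for h in hostnames(text) if not host_allowed(h, whitelist)]
    terms = lure_terms_found(text)
    if bad_hosts:
        verdict = "delete"
    elif terms:
        verdict = "quarantine"
    else:
        verdict = "accept"
    return {"verdict": verdict, "bad_hosts": bad_hosts, "lure_terms": terms}


# Constructed sample messages (not real mail).
SAMPLES = {
    "notification": "Item awaiting collection. Details: https://post.example.com.au/track/ABC123",
    "lure": "Dear customer, our mailman could not deliver your parcel. "
            "A shipping fee is due: http://parcel-update.example.net/pay",
    "newsletter": "This week's issue: https://news.example.com/issue/42",
    "wording_only": "Your mailman was unable to deliver. Reply to arrange shipping.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, triage(body))
```

The ordering matters: the namespace rule is cheap and decisive, so it runs first, and the wording check only downgrades to quarantine rather than deleting, because legitimate mail can use a flagged word. The example also shows the rule's limit as Brad describes it: a link on a .au host passes regardless of content, so the whitelist and the wording check are layers alongside the habit of not opening what you didn't send for, not a substitute for it.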

 
Post #: 10 · Written at 6:32:33 PM on 3 October 2015.
GTC
 Location: Sydney, NSW
 Member since 28 January 2011
 Member #: 823
 Postcount: 6686

Yep, that's the type of message I alluded to, carrying a cryptovirus payload as an attachment.

In this case, the atrocious grammar alone ought to red light it.


 