New Zealand has seen a recent surge of increasingly sophisticated malware attacks that are affecting everyday New Zealanders as well as large organisations. A malware campaign spread through attachments or links in emails is currently affecting New Zealanders. The attacks have the potential to cause widespread disruption and loss of revenue and data.
CERT NZ has received intelligence from one of its international partners that approximately 800 New Zealanders have been affected by this malware.
If the recipient opens the attachments or links in the email, the malware gains access to their email account and can send emails out to the contact list to keep spreading the malware. Once it has gained entry to the target computer, the malware steals login details, sends fake invoices to businesses' customers, etc. It can even block access to files and demand money to grant access again.
CERT NZ, the government agency which supports organisations and individuals affected by cybersecurity incidents, says the virus, known as Emotet, installs malicious software (malware) onto a computer without the owner knowing. The attack is typically financially motivated and can result in significant financial loss or data loss through ransomware infections.
Such ransomware infections are like those affecting the healthcare sector in the United States. Federal agencies have warned that the US healthcare system is facing an “increased and imminent” threat of cybercrime, and that cybercriminals are unleashing a wave of extortion attempts designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of Covid-19 are spiking.
“Computer malware is a common theme that people have to protect against. However, this particular one is quickly and continually evolving globally,” says CERT NZ’s Deputy Director, Declan Ingram.
The tricky thing is these malicious emails often do not come from spam email addresses, which is usually a sign that an email is suspicious, said Ingram.
Recovery from this type of virus is not straightforward. If affected, CERT NZ recommends disconnecting the affected computer from any network immediately and contacting the IT support team.
If systems have been infected by Emotet malware, CERT NZ recommends the following mitigation tasks:
- Isolate the infected computer as soon as possible
- Inspect and clean all computers connected to your network
- Notify everyone in contact lists and advise them not to open any emails that appear to come from you
- Run an anti-virus scan across the device
- Change all your passwords and logins on a non-infected device
- Implement two-factor authentication where possible
Where a personal device is affected, CERT NZ recommends reporting the matter to them via their online reporting tool. An incident responder will make contact directly, to talk through the various options available.
“If anyone is concerned that either they or their business may be affected and is unsure what to do, reach out to us here at CERT NZ and we can assist you on what to do next,” says Mr Ingram.
CERT NZ has issued an alert on its website with information on what to do if you have been affected and how you can best protect yourself from a virus like this.
Earlier in June this year, CERT NZ warned of businesses being compromised through remote access systems – software that allows staff to access the business’s network remotely. Attackers were using this software to gain access to business networks, extract sensitive data, encrypt files and then demand payment for the data.