New Cryptolocker spear phishing campaign looks to be ‘The Grinch that stole Christmas’ in Australia

Cryptolocker is one of the most notorious attacks we’ve seen in a while, one which definitely would ruin someone’s day, or in this case holiday spirit. As of December 16 6:53AM PST, Barracuda Real-Time Systems have intercepted and blocked a new version which has a 1 out of 54 detection rate according to VirusTotal.

The attack comes as an email disguised as the State Debt and Recovery office in Australia. It uses a common fear tactic describing that a camera has caught the recipient speeding and must now pay a fine in order to avoid suspension of driver’s license or vehicle registration.

Once the victim clicks on the “Invoice” or “View Camera Images” – he is then directed to a website and instructed to download a penalty or reminder notice.

The webpage utilizes a captcha which will actually require the right combination of letters or numbers to download the file, possibly another trick by the attackers to legitimize the site.

Once downloaded and opened, Cryptolocker encrypts the data on the host computer, rendering all files to be unusable or opened until payment is made.

While these newer versions of Cryptolocker do not appear tied to the original version which was said to have been disrupted, we should remain vigilant of copycat attacks that have and will certainly follow.

As always, any emails received should be treated with extreme caution. Users should always keep anti-virus up to date, and use best practices when opening suspicious emails from unknown senders.

Customers running the Barracuda Spam Firewall and Barracuda Email Security Service with up to date security definitions are protected from these attacks.