About 10,000 Australians have been targeted by a destructive email scam that infects and locks computers. The responsible ‘ransomeware’ was transferred to infected computers via an email that appeared to be an AGL energy bill.
How Computers Became Infected
The computers became infected when computer users opened an email claiming to be a bill from the energy company AGL. The email contained a link, and when clicked, this link downloaded a .zip file. When users extracted the .zip file ransomeware, such as Torrentlocker or Cryptolocker, was installed and the computer locked down.
To remove the lock, users were asked to pay a huge fee of $880 AUD. Users who did pay the fee will continue to be monitored by the malware. In other words, handing over the money isn’t a quick fix.
This particular email scam successfully infected companies and offices across Australia, from finance to mining. Once the virus had infiltrated one computer within a corporation, it spread rapidly by accessing legitimate emails and attaching to them the ransomeware.
Our Client’s Experience with the AGL Ransom Virus
We received a distress call from a local Melbourne painter, who told us his computer had been infected by a ransom virus and he could not access any of his emails, accounting files and family photos. He then told us that there was a window on his computer screen that he couldn’t close, which displayed a countdown timer, price, and ransom payment demand instructions.
After asking numerous background questions, we were able to pinpoint that he had opened a fake email invoice from AGL energy, and that this had infected his computer. We also discovered that the painter did not have any backups – which made the situation very serious.
Unfortunately this particular virus is not fixable like a traditional virus or malware removal. Because the client did not have backups, we discussed the options, which included paying the ransom: $640 USD.
We informed our client of the risks, and met with him to proceed to pay the ransom, which was a complex and stressful process that took a week to complete. With 22 hours left to pay, we completed the money transfer and received a program to unlock his files.
To avoid any future problems, we removed all other malicious software that had been running in the background, and we taught our client how to back up with both external and cloud systems.
Recognising an Email Scam
Many viruses and malwares are spread by email. Coders write emails that appear to be legitimate to computer users, so they are more likely to take a particular action, whether that’s downloading a file or disclosing private information.
Websites like ‘electricitybills.com’ may appear to be authentic and real, but they aren’t. Here are a few ways you can recognise an email scam.
- If you attempt to open the email on your Mac computer and an error message pops up, take that as a warning sign. Delete the email immediately if the error message asks you to use a Windows computer.
- If the file you downloaded is a .zip, be wary. Bills and other legitimate documents are usually sent as PDFs.
- If you open the email on your iPhone and an error message pops up saying something along the lines of, ‘this email cannot be opened on the iPhone,’ the email probably isn’t legitimate. All legitimate emails from Australian utility companies will open on an iPhone.
- Always check the ‘FROM’ address in emails. If the email is malicious, the FROM address is always suspicious with funny looking address. For example, firstname.lastname@example.org.
- Be cautious of any emails from AGL, Australia Post, PayPal, Visa or any banks, etc., that ask you for personal information, or to open an attachment.
What to Do If You Have Received the Email Scam
Like most viruses, the AGL email scam will prevent you from using your computer. What’s worse, the goal of malware like this can be to access personal information for illegal purposes, such as identity theft.
If you have received a suspicious email, delete it immediately. Do not click any links within the email. Run anti-virus software, and add the sender address to your junk mail list.
Here are a few ways you can avoid ransomeware infecting your computer.
- Always have the latest anti virus software and internet security software installed. We recommend AVG internet security or Kaspersky Internet Security.
- Check your computer for malware once per month with anti-malware software.
- Always have at least two forms of backup. An external hard drive and a cloud storage backup work well together.
If your computer has been infected, consider when you last backed up your computer. Then, wipe it to factory settings, and restore from your most recent backup. This is the only way to successfully complete malware removal.
Get Help with Malware and Virus Removal
Whether you’re suffering from the AGL email scam or another virus, we can help securely remove the bug and repair your computer. We can also assist in the installation of anti-virus software, email security, computer repairs, computer virus removal and educate you on how to be safe and smart online. Give us a call on 1300 553 166 or fill out the form on this page.