The news channel went dark for half an hour

Oct 7, 2014 21:25 GMT

On Tuesday, ransomware with encryption capabilities affected the computer systems of Australian television channel ABC News 24, and broadcasting of the service had to be done out of Melbourne instead of Sydney.

The malware infiltrated the news channel via a phishing email. Other organizations have also been targeted by the hacking campaign.

30 minutes of stand-by programming

Employees at the news channel received emails purporting to be from Australia Post that claimed to report information on a failed parcel delivery.

Usually, in such cases, the email carries an attachment that deploys the malicious software once opened, but sometimes it delivers a link pointing to a malicious download instead.

Australia Post had warned its customers about such fraudulent emails, which appeared to be delivered from Russia.

After the broadcasting systems were taken down for half an hour, ABC representatives said that the cause of the incident was an IT security issue.

“As a result, we broadcast stand-by programming from 9:30am before resuming live news broadcasts from Melbourne at 10:00am,” the statement said.

Matthew Martyn-Jones, Telstra's Queensland media manager, said that staff emails had been targeted weeks earlier, although those malicious attempts were not successful.

The current incident should make people more cautious about the messages they receive, especially if they are not solicited or expected. Spotting a phishing attempt is not too difficult if proper attention is paid, but there is a 100% chance of falling into the trap if every attachment or link in an email is opened blindly.

Ransomware is the most prevalent form of malware in Australia

Attacks with crypto-malware families locking up the information on the compromised computer and asking for a ransom to be paid have registered an incredible increase in Australia, compared to other parts of the world.

In a report on the matter from Symantec, the security firm noted that since May the surge of this sort of threat in Aussieland was over 1,300%; and this information is more than a week old.

The company has also confirmed that fake emails from local service suppliers are common in this region. Symantec says that targeted users are customers of the Australian energy supplier and Australian postal delivery company, who are tricked into viewing a fake bill or details about a parcel delivery.

When the victim accesses the link provided in the malicious message, they are offered an archive to download that claims to contain the notification from the service supplier; however, the file is actually the ransomware, which, once deployed, encrypts the data on the hard disk and demands a fee to be paid.

One of the best methods to make sure that data is not at risk when hit by crypto-malware is to have up-to-date backups available, at least for the sensitive files.

These threats do not steal anything from the computer; they only lock it up. As such, after removing the malware, users can restore data from a backup file and continue their work.