Kaspersky warns on new ransomware faking AFP, ACC, ACMA online interventions


Criminals who use cunningly customised fake demands for money purporting to be from the Australian Federal Police, the Australian Communications and Media Authority and the Australian Crime Commission are again on the offensive, according to computer security firm Kaspersky Lab.

Known as the Koler police ransomware scam, Kaspersky says it has detected a previously hidden element of the malicious software that goes to new lengths to customise fake law enforcement and regulatory messages to victims based on the technology they use.

The scam affects Windows-based PCs as well as the increasingly popular Android mobile operating system. Message banners typically include official regulatory logos, with one even featuring an image of a smiling former Governor General Quentin Bryce.

Kaspersky estimates that local Australian infection levels for the malicious software are comparatively high.

“The detections reveal parts which include some browser-based ransomware and an exploit kit, with 6,223 Australian visitors to the mobile infection domain hit since the beginning of the campaign,” Kaspersky said in a statement.

“The figure places Australian users in third place for mobile payload numbers, behind the US and the UK.”

That might be thanks to the strength of the dollar.

The scams work by trying to extract online payments from people visiting or forcibly diverted to a range of websites containing highly offensive or illegal material. The amounts demanded typically range between $100 and $300.

Although pernicious, the scam is not as immediately harmful as previous ‘ransomware’ attacks that actually forcibly encrypted end-user data and then demanded money for the keys to decipher it.

But what’s raised eyebrows is how quickly, effectively and stealthily customised attacks are occurring.

“We believe this infrastructure demonstrates just how well organised and dangerous this campaign is,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab.

“Of most interest is the distribution network used in the campaign. Dozens of automatically generated websites redirect traffic to a central hub using a traffic distribution system where users are redirected again.”

Mr Diaz said attackers had used “full automation” to quickly recreate similar infrastructure with changed payloads or aimed at different users.

“The attackers have also thought up a number of ways of monetizing their campaign income in a truly multi-device scheme,” Mr Diaz said.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  
