The Department of Internal Affairs

Te Tari Taiwhenua | Department of Internal Affairs

Building a safe, prosperous and respected nation


Beware ransomware email campaign

20 March 2015

Internal Affairs is warning people to beware of a ransomware email campaign that could cripple IT systems.

Electronic Messaging Compliance Unit Manager, Toni Demetriou, says the emails purport to offer a person’s resume or CV in an attachment but contains ransomware called “Cryptowall 3.0”. They should be deleted immediately.

“Ransomware is a significant threat to IT systems,” he said. “It’s malicious software that can bring an IT system to its knees and hold a home user or large corporation to ransom. Yet, it can be activated by a few simple clicks in an email spam message. Once installed, it locks out the computer user and presents a message that demands payment in order to restore normal functionality to the computer.”

Mr Demetriou said people can protect themselves from such threats by:
· Not opening attachments or clicking on hyperlinks in unsolicited emails
· Ensuring computer systems are up-to-date and running up-to-date antivirus software
· Conducting routine backups of important files, and keeping backups offline (i.e. not connected to the computer or network)
· Educating other users about this threat.

The EMCU received one of the dodgy emails this week.

The message subject line said:
Resume [senders name]”, and contained a zipped file (.zip) attachment titled “Resume [senders name].zip”. The zipped file contained the Trojan to Cryptowall. The body of the message reads:

My name is [person’s full name], attached is my resume.
I look forward to hearing back from you.

[person’s first name]

Mr Demetriou said the email message aims to attract or persuade the recipient into opening the attachment and could have been tailored specifically for Human Resource departments. The form and content of such emails can change and it is important that recipients remain cautious to any unsolicited email messages.

What is Cryptowall
Cryptowall is a variation of ransomware, and encrypts files on an infected computer including any files accessible on network drives. The victim can no longer access files on their computer, and is asked to pay around $500 US Dollars (approximately $665 NZ Dollars), or 0.5 bitcoin, to receive the files. The victim only has a certain amount of time to make the payment before the files will no longer be able to be saved (or “decrypted”). Cryptowall has been around for some time and is now up to version 3.0.

Email Spam
Email spam is a popular vehicle for cyber criminals to disseminate malicious software (or malware), and in this case is used to spread the Cryptowall malware. Unsolicited email messages may have an attachment that contains a package that will install the malware, or contains a hyperlink within the body of the email that, when clicked, will navigate the user to a website that will cause a “drive-by download”.


Media contact:
Trevor Henry, Senior Communications Adviser, Department of Internal Affairs Ph 04 495 7211; cell 021 245 8642
Toni Demetriou, Manager, Electronic Messaging Compliance Unit, Department of Internal Affairs ph 04 495 7280; cell 021 937 630