Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

2:10pm, 7 September 2020

TLP Rating: Clear

Malware being spread via email attachments

A malware campaign which is being spread through attachments or links in emails is currently affecting New Zealanders. Once someone opens the attachments or links in the email, the malware gains access to their email account and can send emails out to their contact list to keep spreading the malware.

Once a computer has been infected with this malware it can result in significant financial loss, or data loss through ransomware infections.

What's happening

Systems affected

Windows computers, networks and servers.

What this means

Cyber attackers send emails (supposedly from someone you know) containing malicious attachments or links that you’re encouraged to open or download. They may look like genuine invoices, financial documents, shipping information, resumes, scanned documents, or more recently, information on COVID-19, but they are fake.

Opening the attachment triggers the infection. It gives the attacker access to your email account and enables them to spread the infected emails to all your contacts.

The aim is for the attacker to get into your computer system. From there, they might steal passwords and login details; send fake invoices to businesses customers; or even block access to your system and demand money for you to get it back.

What to look for

How to tell if you're at risk

Anyone can be targeted by Emotet, including individuals and businesses.

How to tell if you're affected

You may receive emails from people in your contact list advising that they’ve received phishing emails from you containing malware.

Or, you may receive an email from CERT NZ, or your internet service provider advising you that your email address has been infected by Emotet.

If you’ve opened a document (for example, a Word document) which was attached in an email and you clicked “yes” to allow it to run macros, then you may be affected.

What to do

Prevention

Emotet is currently being spread via malicious documents which are attached or linked in emails. Therefore, it is important that you take the following measures:

  • Ensure the anti-virus software on your device is active and up-to-date
  • Use an email provider that has good filtering for spam and other malicious emails
  • Use your anti-virus to scan any documents attached, or downloaded from emails before you open them
  • Report any suspicious emails to your IT Support Team
  • When opening a document from an email, if you’re prompted to “enable macros” or “run macros”, click no

Mitigation

If your system has been infected by Emotet malware, we recommend that you:

More information

If you require more information or further support, you can submit a report on our website or contact us on 0800 CERTNZ.

 Report an incident to CERT NZ External Link External Link

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.

Further links:

Bleeping Computer -

Darktrace Blog