2:10pm, 7 September 2020
Malware being spread via email attachments
A malware campaign which is being spread through attachments or links in emails is currently affecting New Zealanders. Once someone opens the attachments or links in the email, the malware gains access to their email account and can send emails out to their contact list to keep spreading the malware.
Once a computer has been infected with this malware it can result in significant financial loss, or data loss through ransomware infections.
Windows computers, networks and servers.
What this means
Cyber attackers send emails (supposedly from someone you know) containing malicious attachments or links that you’re encouraged to open or download. They may look like genuine invoices, financial documents, shipping information, resumes, scanned documents, or more recently, information on COVID-19, but they are fake.
Opening the attachment triggers the infection. It gives the attacker access to your email account and enables them to spread the infected emails to all your contacts.
The aim is for the attacker to get into your computer system. From there, they might steal passwords and login details; send fake invoices to businesses' customers; or even block access to your system and demand money for you to get it back.
What to look for
How to tell if you're at risk
Anyone can be targeted by Emotet, including individuals and businesses.
How to tell if you're affected
You may receive emails from people in your contact list advising that they’ve received phishing emails from you containing malware.
Or, you may receive an email from CERT NZ or your internet service provider advising you that your email address has been infected by Emotet.
If you’ve opened a document (for example, a Word document) which was attached in an email and you clicked “yes” to allow it to run macros, then you may be affected.
What to do
Emotet is currently being spread via malicious documents which are attached or linked in emails. Therefore, it is important that you take the following measures:
- Ensure the anti-virus software on your device is active and up-to-date
- Use an email provider that has good filtering for spam and other malicious emails
- Use your anti-virus to scan any documents attached to, or downloaded from, emails before you open them
- Report any suspicious emails to your IT Support Team
- When opening a document from an email, if you’re prompted to “enable macros” or “run macros”, click no
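For IT support teams triaging reported emails, the following added example (not part of the CERT NZ advisory or any CERT NZ tooling) lists the attachments in a saved message that can carry VBA macros. The sample email, addresses and file names are constructed, and the legacy-format check is only a file-signature heuristic that marks the file for a deeper anti-virus scan.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container signature

def classify(data):
    """Return a reason string if the file can carry VBA macros, else None."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (macro-capable, needs deeper scan)"
    if data.startswith(b"PK"):  # OOXML files (.docx/.docm/.xlsm) are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "OOXML document containing a VBA project"
        except zipfile.BadZipFile:
            return "malformed ZIP/OOXML container"
    return None

def macro_attachments(raw):
    """Parse a raw RFC 5322 message and return [(filename, reason), ...]."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        reason = classify(part.get_payload(decode=True) or b"")
        if reason:
            hits.append((part.get_filename() or "(unnamed)", reason))
    return hits

def _ooxml(with_macro):
    """Constructed OOXML-like archive; the macro part is an inert placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def sample_email():
    """Constructed message with three attachments (assumed names and addresses)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Invoice"
    m.set_content("Please see attached.")
    for name, body in (("invoice.docm", _ooxml(True)), ("notes.docx", _ooxml(False)),
                       ("scan.doc", OLE_MAGIC + b"\0" * 32)):
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, why in macro_attachments(sample_email()):
        print(f"{name}: {why}")
```

A file that is not flagged here has not been shown to be safe; it still needs the anti-virus scan described above.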
If your system has been infected by Emotet malware, we recommend that you:
- Isolate the infected computer as soon as possible
- Run an anti-virus scan across the device
- Change all your passwords and logins on a non-infected device
- Implement two-factor authentication where possible
- Inspect and clean all computers connected to your network
- Notify everyone in your contact list and advise them not to open any emails that appear to come from you
If you require more information or further support, you can submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ
For media enquiries, email our media desk at firstname.lastname@example.org or call the MBIE media team on 027 442 2141.
Bleeping Computer - https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/