Bogus AGL Electricity Bill - Ransomware

I opened a link in a bogus AGL email
hoax-slayer.net bogus-agl-electricity-bill-email
"Clicking the links opens a webpage that appears to be part of the genuine AGL website. The page asks you to enter a Captcha code to access your bill. After you enter the code, a .zip file supposedly containing your bill will be downloaded to your computer. The .zip file harbours a malicious JavaScript file that, if opened, can download and install a version of the infamous Torrentlocker ransomware. Once installed, Torrentlocker can lock up all of your important computer files and then demand that you pay a ransom to online criminals to recover them."

I was not sent to a bogus web page (I got like a "web page not found" 404 message) and did not enter any Captcha code and no .zip file was downloaded.
When I saw the article on smh thousands-targeted-by-ransomware-email-scam,
I deleted the email.
I removed the ethernet cable from my desktop.
File explorer did not find any .zip files downloaded in the last week.
I ran (free version) AVIRA disk check overnight (which had been updated earlier in the day) and there were no errors.
I've had no follow-up email demanding a ransom.

It was a pure coincidence I was on phone to Origin Energy, for them setting up an online account for me - so sending me emails to verify my email, etc - so my guard was down.

My last backup is more than a month old :( :( :(

So am I OK and can reconnect my desktop to the ethernet? (Then do lots of backups)

Thanks
:)
Margaret
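
The check described in the post above (looking for .zip files downloaded in the last week), taken one step further to look inside each archive for script files like the one the quoted article describes. This is an added example, not part of the original post; the extension list beyond `.js`, the one-level nested-zip handling and the function names are assumptions made for illustration.

```python
import io, os, tempfile, time, zipfile

# Script types Windows will run on double-click. The quoted article names only
# JavaScript; the other extensions are an assumption added for this example.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta"}

def script_members(zf, depth=0):
    """Return names of script files in an open ZipFile, descending one level into nested zips."""
    hits = []
    for info in zf.infolist():
        ext = os.path.splitext(info.filename.lower())[1]
        if ext in SCRIPT_EXTS:
            hits.append(info.filename)
        elif ext == ".zip" and depth < 1 and info.file_size < 50_000_000:
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(info))) as inner:
                    hits += [f"{info.filename}!{n}" for n in script_members(inner, depth + 1)]
            except (zipfile.BadZipFile, RuntimeError):
                pass  # corrupt or password-protected inner archive: cannot inspect
    return hits

def scan_recent_zips(root, days=7, now=None):
    """Map each .zip under root modified in the last `days` days to the scripts it contains."""
    cutoff = (now or time.time()) - days * 86400
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            if not fn.lower().endswith(".zip") or os.path.getmtime(path) < cutoff:
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    hits = script_members(zf)
            except zipfile.BadZipFile:
                hits = ["<unreadable archive>"]
            if hits:
                findings[path] = hits
    return findings

def demo():
    """Build a constructed sample folder (two harmless zips) and scan it."""
    root = tempfile.mkdtemp()
    with zipfile.ZipFile(os.path.join(root, "AGL_bill.zip"), "w") as z:
        z.writestr("AGL_bill.js", "// constructed placeholder, not malware")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as z:
        z.writestr("holiday.jpg", b"\xff\xd8")
    return {os.path.basename(p): h for p, h in scan_recent_zips(root).items()}

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_recent_zips` at a Downloads or temp folder lists archives without opening or extracting anything from them; an empty result only means no matching archive is still on disk.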

Comments

  • +2

    Yes. We got the usual bogus emails at work. From traffic infringements, to colesworth gift card freebies to utility bills.

    Been one or two <insert name calling here> who had to be spoken to by our security officers because they clicked on said links in an email.

    As for you OP. Looks like you are ok.

  • +1

    This is part of the reason why I make sure all of my bills are still paper based.

    • +1

      I had a paper bill for amounts owing from AGL addressed to 'Dear Customer'….. I've never been with AGL, I assume it was the previous owner. I bet they get a lot of payments with this method.

      • Ironically, I've also had them for our investment properties from AGL…I suspect you are right, a lot of people would get suckered into paying up for something that isn't their responsibility.

        It often takes a few phone calls & threats to AGL to get them to desist as well, which is pretty poor form.

  • Happened at work. Whole server went down.

  • My mum got done, lost all her files
    All encrypted :(

  • Yeah, they are really targeting Australia at the moment. This is going around and menacing people like crazy. Client recently opened the AGL email but luckily the vista backup was working and all her files were safe - but it was sketchy!

  • And this is why having a good antivirus and backup is important.

    I've been playing around with a lot of variants lately and Australia seems to always get the worst ransomware. Plenty of amateur stuff elsewhere that stores the master key in the registry or leaves shadow copy on. Very interesting.

  • Ransomware That Steals Email Accounts Is Spreading Through Fake Electricity Bills

    http://www.lifehacker.com.au/2016/06/ransomware-that-steals-…

  • yeah, this is why i open all dodgy/suspect stuff on my ipad instead, even naughty web sites. leave computer for real work.
