ITP Techblog

Brought to you by IT Professionals NZ

CERT: Malicious computer virus targeting New Zealanders

Techblog Staff. 30 October 2020, 6:46 am

CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents, says a recent surge of increasingly sophisticated malware attacks is affecting everyday New Zealanders as well as large organisations. The virus has the potential to cause widespread disruption, and loss of revenue and data.

The virus, known as Emotet, installs malicious software (malware) onto a computer without the owner knowing, and the attack is typically financially motivated. Once the attacker has gained entry to your computer, the malware steals login details, sends fake invoices to businesses' customers, or even blocks access to your files and demands money to get them back.

The virus can affect computers that use Windows, and it is a concern for businesses as it can deploy further malware that may enable ransomware attacks - such as those affecting the healthcare sector in the United States. This ransomware - known as Ryuk - encrypts the affected individual's or organisation's data and holds it for ransom.

CERT NZ has received intelligence from one of its international partners that approximately 800 New Zealanders have been affected by this malware.

"Computer malware is a common theme that people have to protect against. However, this particular one is quickly and continually evolving globally," says CERT NZ's Deputy Director, Declan Ingram.

The infection starts when someone clicks on a link or attachment sent in an email. Not only does the person's device become infected with malware, the virus also accesses and sends infected emails to the person's contact list - continuing the cycle. This is how the virus is able to spread so effectively.

"The tricky thing is these malicious emails often don't come from spam email addresses, which is usually a sign that an email is suspicious," says Mr Ingram.

"As the cyber attacker has access to someone's contact list, the email is sent from a person you know and could even be interspersed into an email conversation thread you're having with them, making them hard to identify. That's why it's extremely important to have up-to-date antivirus software on your computer.

"It's also worthwhile picking up the phone if you receive an email out of the blue from someone you know which contains a web link or attachment, to double check if it's the real deal."

Recovery from this type of virus is not straightforward. If you think your business has been affected, CERT NZ recommends disconnecting the affected computer from your network immediately and contacting your IT support team. 

If your personal device has been affected, CERT NZ recommends reporting the matter to them via their online reporting tool. An incident responder will contact you to talk through the various options available to you. Alternatively, you can take your device to an IT company that can help you remove the malicious files.

Importantly, because the malware has access to your computer it will have all your account login credentials and passwords, which could include things like online banking. These will need to be changed to secure your accounts. It is very important that you only change your passwords using a different computer as the malware may also record any changes you make.

"If anyone is concerned that either they or their business may be affected and is unsure what to do, reach out to us here at CERT NZ and we can assist you on what to do next," says Mr Ingram.

"After receiving reports about this virus, we have been able to reach out to people affected and assist them with the recovery steps. In turn, they got in touch with their contacts who may have been affected to try and stop the cycle."

CERT NZ has issued an alert on its website with information on what to do if you have been affected and how you can best protect yourself from a virus like this. You can find this here.



David Lane 30 October 2020, 4:26 pm

Worth noting that it only affects people running Microsoft Windows desktops, networks, or servers. Everyone else can stand down.
