
What is it?

CryptoLocker is a type of Malware known as Ransomware.  It’s not a new approach to Malware; we discussed Ransomware on this blog a few months back.

In fact, one of the earliest pieces of malware that was written specifically to make money, rather than simply to prove a point, was the AIDS Information Trojan of 1989.  This was a type of Ransomware.

That Trojan scrambled your hard disk after 90 days, and instructed you to send $378 to an accommodation address in Panama.

In a general sense, what CryptoLocker does is encrypt your files so that you can’t read them, then offer to sell you the encryption key back for a sum of money so you can “unlock” your files.


How do you get it?

The most common attack vector for CryptoLocker is email.  In the past few weeks I have seen it disguised as payroll information leaked from the HR department, company vehicle permission forms sent from the operations department, and bank statements sent from a number of banking institutions.

CryptoLocker authors are using many, many different types of email to distribute their stuff.

To a lesser extent, it is also being spread to computers already infected with a Trojan.


How can you protect against it?

This Malware is fast to infect, so fast, in fact, that some anti-virus products do not manage to stop it before it starts to encrypt files.

As anti-virus vendors get better at detecting and stopping this threat, your anti-virus will most likely keep you safe from it, but you should always have the following things in place to protect yourself against this, and most other Malware threats:

  • Make sure your files are backed up.  If your files get locked up by CryptoLocker, you can simply restore from backup.
  • If you are not 100% sure of the sender of an email, or you are not expecting an attachment from a person, do not open the attachment.  Email attachments are the most common attack vector.
  • Keep your anti-virus up to date.  As anti-virus vendors get better at stopping this threat, you will want to make sure your anti-virus is being updated by them so you are as protected as possible.

We don’t know how long they will be free, so get in quick:




If games aren’t your bag, there are also five other apps up for grabs:



Which one is your favourite?  Email us at and let us know!

Recently, there has been a spate of emails claiming to be from the Australian Taxation Office containing a link to Malware designed to infect and compromise systems.


This type of Malware is typically designed to work in the background, taking control of your system and stealing sensitive and important data.


If you are currently using Office365, or an on-site mail solution that is protected by Trend Micro, these emails should automatically be sent to your Junk Mail folder, or quarantined at the server.  Other solutions may quarantine or delete this email, but we have not tested this Malware against them.


Section 1: What email did I receive, and how did I know it was a Phishing scam?


This week I received an email claiming to be from St. George bank, telling me that there had been some strange activity on my internet banking account and it had been suspended, and that I had to click on a link to verify my activity and re-activate my account.

St George Phishing Scam


A few nights ago, whilst sitting at home enjoying the latest episode of Game of Thrones, I received a phone call from “James at Microsoft”.


Now, receiving calls from Microsoft is not particularly odd for me; I talk to Microsoft staff on a weekly basis.  What was odd was that the call was at 7pm, on my home landline that is never used.  I’d heard about these calls before, but never had one myself.  This call was someone trying to trick me into thinking my PC had a fault.  The wisest thing to do when you receive a call like this is simply to hang up, but in the interest of investigating further, I let him continue.


You’ve probably all seen it before, that little http:// or https:// in front of a website address.  So what does it mean?


HTTP stands for Hyper Text Transfer Protocol, and the S part stands for Secure.  The little http:// in front of a web address is just a way to tell your web browser what type of protocol it should use when going to this address.


The important difference between the two is the “Secure” part.


Section 1: What email did I receive, and how did I determine it contained Malware?


This week’s Malware email was a little different from most I receive, which claim to be from credit and reputation reporting agencies, payment facilitators, and service providers.  This one claimed to come directly from my own Xerox Scanner!

Xerox Scanner Malware


This week’s Phishing email was submitted by a valued client, Australian Lawn Concepts, asking us to help them determine if it was a real email from Telstra.


If you have received an email that you are not sure about, and want us to help you figure it out, forward the email to, and we will assist you as best we can.



It’s a common question from our clients, so I thought I would address it today:


Why, if my anti-virus is up-to-date, and I am careful about what websites I go to, could I be infected by a piece of Malware?


To answer this question, we are first going to have to answer two other questions: how does Malware get into a computer, and how do anti-virus programs work?


Section 1: What email did I receive, and how did I know it was Malware?


Writing a compelling Malware email is a lot like writing effective marketing copy; it has to catch your attention and compel you to take action.  This Malware email is no different:


Experian Malware


This particular Malware email claims to be from Experian, a credit reporting agency.  It claims that there has been a change to your credit report and that you should view the attached report to see the change.
