The University of Wollongong has warned staff and students to step up their cyber vigilance after UOW addresses were targeted by a scam email that infects computers and holds them hostage.
“The University has been targeted by Ransomware emails which pose a significant security risk to you and the University,” Paul Morgan, UOW’s senior manager client services told staff in an email this week.
“This recent attack is made to look like it is coming from [energy company] AGL in the form of a bill.
“If you have received an email of this nature to either a UOW email address or personal email address, it should be deleted.”
The scam email has successfully targeted more than 10,000 Australians since it was detected last week, according to a cybersecurity analyst consulted by Fairfax Media.
The email sends a fake bill and prompts the recipient to download a copy.
It then saves a .zip file on the computer which, when extracted, locks the machine down using malware known as "ransomware".
The recipient is prompted to pay $US640 ($A880) to unlock it.
The only way to get rid of it is to restore from a backup or to wipe the computer and start over again.
UOW’s cyber security manager Scott Hamilton said the university had been targeted by ransomware for about the past four years, but he had noticed the scams growing more frequent and sophisticated over the past six months.
He said the university was now targeted by criminal groups “on a daily basis”.
“Every piece of information or resource that is necessary for hackers is available on the black market, from lists of email addresses to services people can rent for a specific amount of time to run these things,” he said.
“Everybody’s [UOW] email address gets harvested and sold.
“It’s not just that the ransomware itself is getting more sophisticated; the way it’s getting delivered to people is [improving].
“It’s an arms race, if you like, so every control we put in place, the attackers then find a way around.
“The [fake AGL bill] is very convincing.
The university has two full-time staff dedicated to cyber security.
It has backups in place for its network storage and has a policy of not paying ransoms, Mr Hamilton said.
“[Paying ransoms] encourages that type of business model,” he said.