Australian Immigration Daily News

Beware of resume emails bearing ransomware: Alert Priority High

Staysmartonline.gov.au have released information today which could affect migration agents, as people seeking to migrate to Australia will often send their CV / resume by email asking for an eligibility assessment.

You are advised to be wary of unsolicited emails purporting to attach resumes from potential job candidates. Malicious individuals are using these emails to deliver the CryptoWall 3.0 ransomware that can encrypt your files and require you to submit payment for the key to decrypt them.

The malicious emails come from a variety of addresses, including dustywarner[at]csi.com, MargaritoEverett[at]ebparks.org and SantiagoHenson[at]tom.com.

The email subject is typically ‘[first and last names of purported sender] – My resume’.

The email body generally reads:  ‘Hi, my name is [first and last names of purported sender]. I am herewith submitting my Resume under attachment for your perusal.

‘Thank you, [first name of purported sender here].

‘Attachment: [first and last names of purported sender] – My Resume.zip.’ 

A screenshot of a sample email is attached below.

 

The attachment is a .zip file which includes a single file named [first and last names of purported sender] MyResume.js. If a recipient of this email clicks on the .js file (JavaScript file), the file attempts to reach out to a list of servers and download .jpg files containing malicious executables that try to install the CryptoWall 3.0 ransomware.        

The attack appears to be targeting Australian companies and researchers indicate a new campaign may have been released on Tuesday last week.

When a user’s computer is infected with CryptoWall, the ransomware encrypts a range of file types with a strong encryption key. CryptoWall then typically displays a page to the user advising them their files have been encrypted and that they need to pay a ransom for the key to decrypt them. The message may also include a link to a website to make payment. 

It is important to note that for many victims, paying the ransom may lead to files being returned to normal. However, because you are dealing with criminals, you should be aware this is extortion and there are no guarantees you will regain access to your data. 

The criminals may not respond, they may increase their demands or they may attack you again. Unless you take preventative action, your computer will still have the same vulnerability that caused it to become infected in the first instance.

Staying safe 

Prevention is the best antidote to ransomware and other malware attacks.

Use spam filters and be cautious when opening emails, especially if there are attachments.

Make sure you are using a reputable security product.

Make sure it is up-to-date and switched on.

Make sure your operating system and applications are up-to-date.

Run a full scan of your computer—regularly.

Set and use strong and unique passwords.

Set passwords on all your hardware devices (modems and routers).                

Back up your data.

Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.

Only visit reputable websites and online services.

Most up-to-date security software should identify and block ransomware. 

Recovery

The major problem with encryption based ransomware is that once your computer has become infected, the only way to recover your files is from a clean backup (if the backup has not also been encrypted) or by receiving the encryption key from the scammers.

If you have a clean back up of your data, you can use this to restore your files once you have re-established your system, free of infection.

You can also keep a copy of the encrypted files in case future events make decryption possible. Authorities may take down these ransomware gangs in the future and it might become possible to obtain the encryption key for your data.

"Migration agents say a section of the Department of Immigration and Border Protection regulating them is overpaid and overstaffed.

The agents have called for the Migration Agents Registration Authority to be taken out of the department to strengthen the organisation's independence."

Migration Alliance has been asked to provide members with the following information from the DIBP's Visa and Citizenship Helpdesk Section:

Today the Department of Immigration and Border Protection are releasing on the department’s website:

·         a revised ImmiAccount support page (this will be available later today at: http://www.immi.gov.au/Services/Pages/immiaccount.aspx):
This is a single web page from which agents can access more succinct and useful information about ImmiAccount via a number of
‘tabs’ – including improved Quick Reference Guides, clearer guidance on attaching documents and a list of common online error messages to assist agent’s to self-serve before seeking assistance from the department.

After receiving multitudes of complaints from MA members and RMAs about ME Alliance being too similar to, and/or passing off as Migration Alliance, we have been in contact with the Office of the MARA.  Their advice is as follows:

"....should a person, including a registered migration agent, have a concern about the actions or behaviour of an agent, the most appropriate course of action would be for each of these agents to lodge a complaint through the OMARA websiteor speak directly to one of our staff.  The complaints process enables the OMARA to appropriately consider complaints lodged in a transparent manner."  

Please assist Migration Alliance to stop ME Alliance (Migration and Education Alliance) from passing off as Migration Alliance.    Please lodge a complaint to the Office of the MARA citing parts 1.10(ia) of the Code of Conduct, 1.11 of the Code of Conduct, and 4.5 of the Code of Conduct if you are:

To all RMA partners

Migration Alliance is very pleased to announce a new sponsor: ETS, creator of the TOEFL® test.

The TOEFL® test is accepted by the Department of Immigration and Border Protection to fulfil the English-language proficiency requirements for many Australian sponsored and independent visa categories, including: