Australians should be wary of scam emails purporting to come from the State Debt Recovery Office, within the NSW Office of State Revenue, claiming to deal with interest owing on a tax assessment.
The email has the subject line ‘Notice of reassessment – Penalty tax’ and what appears to be an official serial or file number. The text in the email body is headed ‘Notice of reassessment’ and includes a ‘More information’ button. This button links to a website where email recipients are prompted to download a file containing details of the reassessment notice. However, this file includes ransomware.
The ransomware could encrypt your files to prevent you accessing and working on them, and force you to pay the scam authors for an online ‘key’ to unlock them. If you receive this email, you should delete it immediately.
An example of the fake email
An example of the fake website
Recipients may mistake the scam email and the website for authentic ones. The current examples do not refer to the recipient’s name, address, tax file number or other details.
Do not click on links or attachments in a message unless you are completely confident about its content.
You can always navigate to the original website or phone the source yourself—independently of links or information in the message—and cross check its information.
About ransomware
This email scam is believed to be distributing the ransomware known as TorrentLocker, which is a variation of CryptoLocker (example below). The authors are demanding payment in a virtual currency, equivalent to about AUD$640, to provide you with the key to unlock your files.
An example of a ransomware notification
There are many different versions of ransomware circulating and it can be difficult to identify which type you have encountered.
The most serious types of ransomware encrypt files on your computer or network using high-quality encryption. The only way to recover your files is by succumbing to blackmail and paying the ransom for a key to unlock your information. However, this may not necessarily guarantee the recovery of your data. You may forfeit your money, and still not recover your files.
As recovery of your system without the key is virtually impossible, the best solution can often be to restore your files from a clean backup, if you have one available.
Prevention is the best approach for any malware, and particularly this kind of ransomware.
There are also some less sophisticated types of ransomware that simply block access to your computer or pretend to lock your files. With careful action you can remove this ransomware and regain access to your files without paying a ransom.
If you suspect your computer or network is infected by ransomware, you should seek technical advice immediately. Time is critical.
