Warning issued as Kiwis affected by computer virus holding some to ransom

CERT NZ has issued a warning after a new computer virus has affected nearly 1000 Kiwis.

A man enters credit card information on a laptop (file). Source:

CERT NZ - the Government agency which supports organisations and individuals affected by cyber security incidents - says the virus has the potential to cause widespread disruption, and loss of revenue and data.

"The virus, known as Emotet, installs malicious software (malware) onto a computer without the owner knowing, and the attack is typically financially motivated," CERT NZ warns in a statement.

"Once the attacker has gained entry to your computer the malware steals login details, sends fake invoices to businesses customers, or even blocks access to your files and demands money to get it back.

"The virus can affect computers that use Windows, and it is a concern for businesses as it can deploy further malware that may enable ransomware attacks - such as those affecting the healthcare sector in the United States. This ransomware - known as Ryuk - encrypts the affected individual’s or organisation’s data and holds it for ransom."

According to intelligence received by CERT NZ from an international partner, around 800 New Zealanders have been affected by this malware.

"The infection starts when someone clicks on a link or attachment sent in an email. Not only does the person’s device become infected with malware, the virus also accesses and sends infected emails to the person’s contact list – continuing the cycle. This is how the virus is able to spread so effectively."

CERT NZ’s Deputy Director, Declan Ingram outlined the "tricky" nature of this virus.

“These malicious emails often don’t come from spam email addresses, which is usually a sign that an email is suspicious,” says Ingram.

“As the cyber attacker has access to someone’s contact list, the email is sent from a person you know and could even be interspersed into an email conversation thread you’re having with them, making them hard to identify. That’s why it’s extremely important to have up-to-date antivirus software on your computer.

“It’s also worthwhile picking up the phone if you receive an email out of blue from someone you know which contains a web link on or attachment to double check if it’s the real deal.”

If you think your business has been affected, CERT NZ recommends disconnecting the affected computer from your network immediately and contacting your IT support team.

If your personal device has been affected, CERT NZ recommends reporting the matter to them via their online reporting tool

"Importantly, because the malware has access to your computer it will have all your account login credentials and passwords, which could include things like online banking. These will need to be changed to secure your accounts. It is very important that you only change your passwords using a different computer as the malware may also record any changes you make."

CERT NZ has issued an alert on its website with information on what to do if you have been affected and how you can best protect yourself from a virus like this. You can find this here.