CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents, says a
recent surge of increasingly sophisticated malware attacks is affecting everyday New Zealanders as well as large
organisations. The virus has the potential to cause widespread disruption, and loss of revenue and data.
The virus, known as Emotet, installs malicious software (malware) onto a computer without the owner knowing, and the
attack is typically financially motivated. Once the attacker has gained entry to your computer the malware steals login
details, sends fake invoices to businesses customers, or even blocks access to your files and demands money to get it
The virus can affect computers that use Windows, and it is a concern for businesses as it can deploy further malware
that may enable ransomware attacks - such as those affecting the healthcare sector in the United States. This ransomware
- known as Ryuk - encrypts the affected individual’s or organisation’s data and holds it for ransom.
CERT NZ has received intelligence from one of its international partners that approximately 800 New Zealanders have been
affected by this malware.
“Computer malware is a common theme that people have to protect against. However, this particular one is quickly and
continually evolving globally,” says CERT NZ’s Deputy Director, Declan Ingram.
The infection starts when someone clicks on a link or attachment sent in an email. Not only does the person’s device
become infected with malware, the virus also accesses and sends infected emails to the person’s contact list –
continuing the cycle. This is how the virus is able to spread so effectively.
“The tricky thing is these malicious emails often don’t come from spam email addresses, which is usually a sign that an
email is suspicious,” says Mr Ingram.
“As the cyber attacker has access to someone’s contact list, the email is sent from a person you know and could even be
interspersed into an email conversation thread you’re having with them, making them hard to identify. That’s why it’s
extremely important to have up-to-date antivirus software on your computer.
“It’s also worthwhile picking up the phone if you receive an email out of blue from someone you know which contains a
web link on or attachment to double check if it’s the real deal.”
Recovery from this type of virus is not straightforward. If you think your business has been affected, CERT NZ
recommends disconnecting the affected computer from your network immediately and contacting your IT support team.
If your personal device has been affected, CERT NZ recommends reporting the matter to them via their online reporting
tool. An incident responder will contact you to talk through the various options available to you. Or alternatively you
can take your device to an IT company who can support you to remove the malicious files.
Importantly, because the malware has access to your computer it will have all your account login credentials and
passwords, which could include things like online banking. These will need to be changed to secure your accounts. It is
very important that you only change your passwords using a different computer as the malware may also record any changes
“If anyone is concerned that either they or their business may be affected and is unsure what to do, reach out to us
here at CERT NZ and we can assist you on what to do next,” says Mr Ingram.
“After receiving reports about this virus, we have been able to reach out to people affected and assist them with the
recovery steps. In turn, they got in touch with their contacts who may have been affected to try and stop the cycle”.
CERT NZ has issued an alert on its website with information on what to do if you have been affected and how you can best
protect yourself from a virus like this. You can find this here