Scammers use fake invoices to infect computers and seek ransom

The computers became infected after users opened a compressed "zip" file attachment which appeared to be an invoice or statement. Photo / Thinkstock

Some New Zealand computer users have paid $500 ransom demands after finding their machines encrypted and a ransom note demanding cash.

The computers became infected after users opened a compressed "zip" file attachment which appeared to be an invoice or statement.

The attachment instead activated a programme which encrypted the entire contents of the user's computer hard drive. It then displayed a message demanding a payment in the online Bitcoin currency to get a code which will unlock the data.

Netsafe's Chris Hails said he had dealt with six cases in the past fortnight - three in the past few days.

He said the cases included people who had paid the ransom demand and had their data successfully returned.

"If the machine has been fully infected, if it's found the vulner-abilities and you have no back-up, the real truth of the matter you abandon the computer or you pay the ransom."

Mr Hails said the ransom demand was 0.5 Bitcoin, the online currency which has enjoyed a sharp rise in value this year. Half a Bitcoin is about $500. He said the targets of the scam ranged from home users to small businesses.

In the case of one user who worked in real estate in Auckland, the exploit unfolded after a zip file which appeared to contain an invoice.

A few days later, he noticed his PC was running slowly. "Last night he got home to find the lock screen with the ransom message," said Mr Hails.

In the case of a small business - a Manawatu company in the building industry - the encryption locked the company out of computers and also encrypted backups.

Mr Hails said PCs running on older XP operating systems that had not been regularly updated were most vulnerable.