Fake notice of arrival from Posti: ransomware disguised as a waybill
16.02.2017 at 14:07 - Updated 22.02.2017 at 08:25
The NCSC-FI at FICORA has received several reports of scam emails claiming to be from Posti. These emails are used to spread ransomware that encrypts the user's files. If you have received such a scam email, do not click any link in the email.
The scam email, written in poor Finnish, claims that a parcel delivery has failed. The email urges the recipient to download and print a delivery waybill by clicking a link. The subject of the email is in Norwegian: "Faktura Fra Telenor Norge AS, Mobil [numbers]". The emails have been sent with forged sender details from posti.org.
Target group of the alert
All users of online services
Possible solutions and restrictive measures
- Do not open any links in scam emails.
- The fake waybill on the scam website should not be downloaded or opened.
- If you have opened the "waybill" and, as a result, been affected by the ransomware, do not pay the ransom. Instead, report the case to the police.
- It is recommended to update your backups regularly in order to be able to recover any files encrypted by the ransomware.
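For mail administrators, the two indicators described in this alert (a sender address at posti.org and the Norwegian Telenor invoice subject) can be checked against stored or incoming messages. The following Python example is added here and is not part of the original NCSC-FI alert; the function name, the sample messages and the assumption that "[numbers]" is a run of digits are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Indicators taken from the alert text.
FORGED_SENDER_DOMAIN = "posti.org"
# Assumption: "[numbers]" in the alert is a run of digits after "Mobil".
SUBJECT_RE = re.compile(
    r"Faktura\s+Fra\s+Telenor\s+Norge\s+AS,\s*Mobil\s*\d+", re.IGNORECASE)

def _decode(value):
    """Decode RFC 2047 encoded-words so an encoded Subject cannot evade the regex."""
    try:
        return str(make_header(decode_header(value or "")))
    except Exception:
        return value or ""  # undecodable header: fall back to the raw text

def match_indicators(raw_message):
    """Return the names of the alert's indicators found in one raw message."""
    msg = message_from_string(raw_message)
    hits = []
    # Match on the address itself, not the display name shown to the user.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == FORGED_SENDER_DOMAIN or domain.endswith("." + FORGED_SENDER_DOMAIN):
        hits.append("sender-domain")
    # Collapse folded whitespace before matching the subject.
    subject = " ".join(_decode(msg.get("Subject")).split())
    if SUBJECT_RE.search(subject):
        hits.append("subject")
    return hits

# Constructed sample messages (not real captured mail).
SAMPLE_SCAM = "\n".join([
    'From: "Posti" <noreply@POSTI.org>',
    "Subject: =?utf-8?Q?Faktura_Fra_Telenor_Norge_AS=2C_Mobil_12345678?=",
    "", "body omitted"])
SAMPLE_SUBDOMAIN = "\n".join([
    "From: delivery@mail.posti.org",
    "Subject: Parcel notice",
    "", "body omitted"])
SAMPLE_BENIGN = "\n".join([
    "From: Example Shop <orders@shop.example>",
    "Subject: Your order has shipped",
    "", "body omitted"])

if __name__ == "__main__":
    for name in ("SAMPLE_SCAM", "SAMPLE_SUBDOMAIN", "SAMPLE_BENIGN"):
        print(name, match_indicators(globals()[name]))
```

Because the sender details are forged, a sender-domain hit says only what the From header claims; the subject hit is independent of it and the two together are the stronger signal.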
Information security now! Kiristyshaittaohjelmaa levitetään Postin nimissä (16 February 2017) (in Finnish)
FICORA has published instructions and articles on ransomware. Read more (in Finnish):
• Selviytymisopas kiristyshaittaohjelmia vastaan (005/2016 J) (in Finnish)
The Finnish Communications Regulatory Authority (FICORA)
The National Cyber Security Centre Finland (NCSC-FI)