The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of recent ransomware incidents involving a ransomware tool known as ‘Mailto’ or ‘Kazakavkovkiz’. Mailto belongs to the KoKo ransomware family.

Alert status
HIGH

At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign.

Details

Currently, the ACSC has limited information about the initial intrusion vector for Mailto infections.

There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used the compromised accounts to send further phishing emails to the contacts in the users' address books to spread the malware.
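The password spray and account compromise pattern described above has a recognisable authentication-log signature: one source address failing logins against many distinct accounts in a short window (unlike brute force, which hammers one account), sometimes followed by a success against one of those accounts. The following detection routine is an added example written for this advisory, not ACSC or Mailto code; the log line format and the sample lines are constructed for illustration, and the window and threshold values are assumptions to be tuned to the environment.

```python
"""Password-spray detection over constructed authentication log lines.

A password spray tries one or a few passwords against many accounts, so the
signature is one source IP producing failed logins for many *distinct* users
in a short window, rather than many failures for one user (brute force).
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (not from any real incident). Assumed format:
# "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2020-02-10T09:00:01 FAIL user=alice src=203.0.113.5
2020-02-10T09:00:03 FAIL user=bob src=203.0.113.5
2020-02-10T09:00:05 FAIL user=carol src=203.0.113.5
2020-02-10T09:00:07 FAIL user=dave src=203.0.113.5
2020-02-10T09:00:09 FAIL user=erin src=203.0.113.5
2020-02-10T09:00:11 OK user=erin src=203.0.113.5
2020-02-10T09:01:00 FAIL user=frank src=198.51.100.9
2020-02-10T09:01:02 FAIL user=frank src=198.51.100.9
2020-02-10T09:01:04 FAIL user=frank src=198.51.100.9
2020-02-10T09:01:06 FAIL user=frank src=198.51.100.9
2020-02-10T09:01:08 FAIL user=frank src=198.51.100.9
2020-02-10T09:30:00 FAIL user=grace src=192.0.2.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, result, user, src) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_password_spray(text, window=timedelta(minutes=10), min_users=5):
    """Return {src_ip: finding} for every source whose failed logins touch at
    least `min_users` distinct accounts within any `window`-long span.

    Each finding lists the sprayed accounts and which of them also had a
    successful login from the same source (a candidate compromised account).
    Window and threshold are assumed starting points, not recommended values.
    """
    events = sorted(parse_log(text))
    fails_by_src = defaultdict(list)  # src -> [(ts, user), ...] in time order
    ok_by_src = defaultdict(set)      # src -> users with a successful login
    for ts, result, user, src in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
        else:
            ok_by_src[src].add(user)

    findings = {}
    for src, fails in fails_by_src.items():
        start = 0
        # Sliding window over this source's failures, ordered by time.
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                findings[src] = {
                    "users": sorted(users),
                    "also_succeeded": sorted(users & ok_by_src[src]),
                }
                break  # one finding per source is enough to raise an alert
    return findings


if __name__ == "__main__":
    for src, finding in detect_password_spray(SAMPLE_LOG).items():
        print(src, finding)
```

In the sample data only 203.0.113.5 is flagged: it fails five distinct accounts inside the window and then succeeds as `erin`, which is the account a responder would want to examine first. 198.51.100.9 also produces five failures, but all against one account, so it is brute force rather than a spray and is left to a separate per-account threshold.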

There is currently limited information from this compromise on how the malware is spread laterally across a network.

The hash of the Mailto ransomware from this incident is available in the Indicators of Compromise section of this advisory.

The ACSC is continuing to monitor the situation and will update this advisory with any additional details.