A copy of the fake penalty notice. Credit: FireEye

The only truth in the matter is that once on the fake site, users are prompted to download a zip file, which contains a PDF – supposedly the fine – and clicking on it triggers the installation of a variant of the Cryptolocker trojan known for encrypting user files and demanding a ransom to unlock them. Researchers at security firm FireEye began receiving calls from companies in Australia on Thursday morning to check on the scam. The real NSW Office of State Revenue has since posted a notice on its website alerting people to it. "SDRO does not issue penalty notices or penalty reminder notices by email. We are aware of an email scam demanding payment of a fake penalty notice. If you receive such an email do not pay anything," the notice says.

FireEye technical director Australia and New Zealand, Rich Costanzo, said the malware was similar to that used in previous scams involving fake Australia Post and Energy Australia emails, but unlike them also appeared to encrypt earlier versions of files on the hard drive.

It goes after "shared documents" on network servers. Cryptolocker last hit a large number of Australian computers in September when an estimated 20,000 users were affected. Mr Costanzo said although only an initial analysis of the malware had been done so far, it indicated the ransomware dials back to Russia, the same source as previous variants. But he said it was not related to findings the company released this week on Russia-led cyber espionage. "They have a very specific aim – this is about money," he said. The scammers are demanding $A600 to unlock the files and appear to have specifically targeted Australians.

Security expert Phil Kernick, of CQR, said this is because "we're easy. We're not a paranoid society – the immediate view is not that people are trying to steal from me." However, Mr Kernick said Cryptolocker was a big deal, people should doubt such emails and there was little they could do if they were tricked. "We say don't pay, go back to yesterday's backup and restore everything." But he said some private users seldom keep up-to-date backups. "When people pay, in my experience, they will give you the key to unlock your files, but soon after that they'll get you again and again," he said.

Mr Costanzo said that where files have been locked, users should disconnect the computer from all networks to avoid encrypting other drives. Has your computer been infected? How did you recover your files?