Malware e-mails imitating the Health Board spread online

Last night, the Computer Emergency Response Team of the Information System Authority (CERT-EE) was notified that fake e-mails containing malware and copying the official information of the Health Board are being sent by hackers.

People have received an e-mail with the grammatically erroneous title ‘Tervis hoiuministeeriumi poolt heaks kiidetud teade COVID-19 viiruse levikus’. Please delete the e-mail and do not open the links provided therein.

At the end of the e-mail, there is a link to a file titled ‘Eeskiri.7z’ – do not click on it. Clicking on the link downloads a file containing malware to your computer, i.e. your computer will be infected with malware. ‘However, if a computer user has already clicked on the link, downloaded the linked file, and opened it, there is a very good chance that their computer has already been infected with the malware, which may still go undetected by anti-virus programs,’ said Tõnu Tammer, Executive Director of CERT-EE.

According to Tammer, clicking on the link opens a seemingly ordinary prevention poster, but the poster also comes with malware. ‘Persons who have received the e-mail, opened the link, and seen the poster now have malware installed on their computer. If that is the case, the computer should not be used until it has been cleaned and it is certain that malware has been removed from the computer. Be sure to change the passwords that have been stored in your browser (Chrome, Edge, Firefox, etc.). If you have also saved bank card information in your browser, notify your bank and order a new card, if necessary, as the criminals may use your bank card,’ said Tammer.

According to Tammer, one should always check who the sender is before opening e-mails. ‘Fake e-mails are usually sent from an e-mail address that mimics the e-mail address of a well-known company or organisation, but is actually not affiliated with the company. Make sure that the name in the title and the name of the sender match. Even minor inconsistencies should trigger caution,’ said Tammer. The sender of the e-mail in question was euroapteek(at), meaning the criminals tried to imitate a well-known pharmacy in Estonia.

He added that CERT-EE also reported the malware to developers of anti-virus software. ‘However, developers of anti-virus software need some time to fully identify the behaviour pattern of the malware included in these letters and provide protection against it with their products. For now, users must exercise caution themselves,’ said Tammer. ‘People should always be mindful of what links they click, because criminals are getting better at hiding malware. Although the e-mail contains grammatical errors, the overall quality is quite good and the poster in the downloadable file looks trustworthy. We therefore ask you to stay vigilant. If the recipient cannot see the web address of a link, we would never recommend clicking on it,’ Tammer concluded.

If you clicked on a link, downloaded the file containing malware to your computer, opened it, and saw the aforementioned poster, please send the information to You can read about the basics of cybersecurity from the official blog of the Information System Authority at

The attachment includes a screenshot of both the e-mail and the poster that contained the malware.

Seiko Kuik
Press Officer
5851 7028
