NCA ALERT – Mass ransomware spamming event targeting UK computer users

NCA logo

 

 

 

The NCA’s National Cyber Crime Unit are aware of a mass email spamming event that is ongoing, where people are receiving emails that appear to be from banks and other financial institutions.

The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk.

The emails carry an attachment that appears to be correspondence linked to the email message (for example, a voicemail, fax, details of a suspicious transaction or invoices for payment). This file is in fact a malware that can install Cryptolocker – which is a piece of ransomware

Cryptolocker works by encrypting the user’s files on the infected machine and the local network it is attached to.

Once encrypted, the computer will display a splash screen with a count down timer and a demand for the payment of 2 Bitcoins in ransom (Approx £536 as at 15/11/2013) for the decryption key.

The NCA would never endorse the payment of a ransom to criminals and there is no guarantee that they would honour the payments in any event.

Lee Miles, Deputy Head of the NCCU says “The NCA are actively pursuing organised crime groups committing this type of crime. We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public.”

An NCCU investigation is ongoing to identify the source of the email addresses used. Anyone who is infected with this malware should report it via Action Fraud

Sound advice can be found at GetSafeOnline

Advice: This is a case where prevention is better than cure.

  • The public should be aware not to click on any such attachment.
  • Antivirus software should be updated, as should operating systems.
  • User created files should be backed up routinely and preserved off the network.
  • Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.
  • Various antivirus companies offer remedial software solutions (though they will not restore encrypted files).

The original post from the NCA and any relevant updates can be found here.

This entry was written by Zac , posted on Saturday November 16 2013at 12:11 pm , filed under Education & Training, Fraud & Scams, Law Enforcement, Microsoft/Windows, Security, Vulnerabilities and tagged . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

Comments are closed.