15 November 2013
The NCA's National Cyber Crime Unit are aware of a mass email spamming event that is ongoing, where people are receiving emails that appear to be from banks and other financial institutions.
The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk.
The emails carry an attachment that appears to be correspondence linked to the email message (for example, a voicemail, fax, details of a suspicious transaction or invoices for payment). This file is in fact a malware that can install Cryptolocker – which is a piece of ransomware
Cryptolocker works by encrypting the user’s files on the infected machine and the local network it is attached to.
Once encrypted, the computer will display a splash screen with a count down timer and a demand for the payment of 2 Bitcoins in ransom (Approx £536 as at 15/11/2013) for the decryption key.
The NCA would never endorse the payment of a ransom to criminals and there is no guarantee that they would honour the payments in any event.
Lee Miles, Deputy Head of the NCCU says "The NCA are actively pursuing organised crime groups committing this type of crime. We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public."
An NCCU investigation is ongoing to identify the source of the email addresses used. Anyone who is infected with this malware should report it via Action Fraud
Sound advice can be found at GetSafeOnline
Advice: This is a case where prevention is better than cure.
- The public should be aware not to click on any such attachment.
- Antivirus software should be updated, as should operating systems.
- User created files should be backed up routinely and preserved off the network.
- Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.
- Various antivirus companies offer remedial software solutions (though they will not restore encrypted files).