Ransomware Scam Hits UK Small Businesses

Matthew Broersma,
Security © m00osfoto Shutterstock 2012

The National Crime Agency has warned of a scam that is seeing users’ files encrypted when they click on a malware attachment

The National Cyber Crime Unit (NCCU), part of the  National Crime Agency’s (NCA), has warned of a “ransomware” campaign that appears to be targeting British small and medium businesses. The NCA assessed the event as a “significant risk”.

The attacks are being carried out via email messages that appear to originate from banks or other financial institutions. The emails, which are being sent to tens of millions of UK users, contain an attachment which appears to be correspondence referred to in the email message; according to the NCA this might seem to be
a voicemail, fax or details of a suspicious transaction.

Encryption malware

The attachment is, however, in fact a piece of malicious code that can install Cryptolocker, an application which works by encrypting files on the user’s system and on the local network it is attached to.

Cryptolocker then displays a splash screen with a countdown timer and a demand for 2 Bitcoins (about £805 as of Tuesday morning) in ransom for the decryption key.

cryptolockerBitcoins are favoured by hackers for the level of anonymity they allow. Ironically, the value of Bitcoins saw a sharp increase, from around £200 to more than £500, following comments in the US Senate on Monday that indicated the US government considers digital currencies a “legitimate” financial service. As of Tuesday morning Bitcoin’s value had descended to around £400.

The NCA said it does not endorse the payment of a ransom to criminals and emphasised that there is no guarantee that the payment would be honoured. The BBC said it was aware of cases in which the ransom had been paid but the files could not be decrypted.

“The NCA are actively pursuing organised crime groups committing this type of crime,” said NCCU deputy head Lee Miles in a statement provided to the press. “We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public.”

Ransomware

Anyone encountering the malware should report it to Action Fraud, according to the NCA. The agency said users should not click on unknown attachments, should use up-to-date operating systems and antivirus tools, should back-up their files and should disconnect infected machines from networks.

CryptoLocker surfaced earlier this year and targets Windows systems. It encrupts files on local and network-mounted disks with RSA public-key cryptography, with the private key stored on the malware’s control servers. So far researchers have not succeeded in decrypting the files affected by the malware.

Last year a ransomware attack prentending to originate from police agencies made the rounds, with one variant capable of communicating in multiple languages.

The Android mobile platform was targeted by ransomware earlier this year.

Are you a security pro? Try our quiz!