The Royal Mail in the UK issued a warning that a wave of spam containing fake delivery notices is spreading an unwelcome package — Cryptolocker, the notorious file-encrypting ransomware that locks up a victim’s files until a ransom is paid to the criminals.
Meanwhile, a UK research study found that a staggering 41% of Cryptolocker victims said they agreed to pay the ransom to get their files back, a percentage that the researchers said was “much larger than expected.”
Cryptolocker infects a victim’s PC and proceeds to encrypt all the files on the hard drive, including photos, videos, and other documents. A warning screen from the criminals tells victims to pay a ransom in electronic funds within 72 hours, or else the private encryption key held by the attackers will be lost, and the files will be inaccessible forever.
Experts tell us that paying the ransom is a fool’s game: you are betting that the ransom-takers will follow through and give you the key to decrypt your files once you pay. But it seems enough people cave in to the demand, rather than permanently lose their personal treasure trove of digital files, to make unlocking them good business for the cybercriminals.
In the UK research survey, 17 of 41 victims said they were willing to pay the ransom-takers to get their files back. That number, 41%, is as much as 10 times higher than previous estimates by security companies. The researchers noted the potential for survey bias in their report, but the overall results showed a “much-higher than expected” number of people saying they had been victims of Cryptolocker (at around 3.4%) and other types of ransomware (6.4%).
The package delivery spam attack is the second wave of fake Royal Mail messages carrying Cryptolocker in recent months, according to the Guardian, which also reported that 10 million email addresses were targeted in the UK and there have been as many as 250,000 victims in the UK alone.
How to stay safe from Cryptolocker
There is no way to break the encryption, so even removing Cryptolocker won’t get your files back. We advise that you always keep your computer protected with security software, and back up your files so you can always retrieve them. Also, don’t open attachments in emails from people you don’t know: the cyber crooks are especially good at tricking people through social engineering.
Learn more about Cryptolocker
At SophosLabs, our own researchers have tracked Cryptolocker since it first emerged in September 2013. Our coverage of the October 2013 outbreak can be found here.
- Read our FAQ for Sophos Customers
- Watch a video of Cryptolocker in action
- Download our Security Threat Report to understand new malware threats
Paul
Just scanned my computer with Sophos anti virus and it said no threats and under that Issues found, what does that mean?