Cryptolocker surfaces in fake UK Royal Mail emails, many victims willing to pay

CorporateSecurity TipsSophosLabsCryptolockerEmailMedia coverageransomware

Ransomware CryptolockerThe Royal Mail in the UK issued a warning that a wave of spam containing fake delivery notices is spreading an unwelcome package — Cryptolocker, the notorious file-encrypting ransomware that locks up a victim’s files until a ransom is paid to the criminals.

Meanwhile, a UK research study found that a staggering 41% of Cryptolocker victims said they agreed to pay the ransom to get their files back, a percentage that the researchers said was “much larger than expected.”

Cryptolocker encrypts a victim's files and demands a ransom.
Cryptolocker encrypts a victim’s files and demands a ransom.

Cryptolocker infects a victim’s PC and proceeds to encrypt all the files on the hard drive, including photos, videos, and other documents. A warning screen from the criminals tells victims to pay a ransom in electronic funds within 72 hours, or else the private encryption key held by the attackers will be lost, and the files inaccessible forever.

Experts tell us that paying the ransom is a fool’s game of chance that the ransom-takers will follow through and give you the key to decrypt your files once you pay. But it seems enough people cave in to the demand, rather than permanently lose their personal treasure trove of digital files, to make unlocking them good business for the cybercriminals.

In the UK research survey, 17 of 41 victims said they were willing to pay the ransom-takers to get their files back. That number, 41%, is much higher than in previous estimates by security companies, by as much as 10 times. The researchers noted the potential for survey bias in their report, but the overall results showed a “much-higher than expected” number of people saying they had been victims of Cryptolocker (at around 3.4%) and other types of ransomware (6.4%).

The package delivery spam attack is the second wave of fake Royal Mail messages carrying Cryptolocker in recent months, according to the Guardian, which also reported that 10 million email addresses were targeted in the UK and there have been as many as 250,000 victims in the UK alone.

How to stay safe from Cryptolocker

There is no chance to break the encryption, so even removing Cryptolocker won’t get your files back. We advise that you always keep your computer protected with security software, and back up your files so you can always retrieve them. Also, don’t open attachments in emails from people you don’t know — the cyber crooks are especially good at tricking people through social engineering.

Learn more about Cryptolocker

At SophosLabs, our own researchers have tracked Cryptolocker since it first emerged in September 2013. Our coverage of the October 2013 outbreak can be found here.

8 Comments

Just scanned my computer with Sophos anti virus and it said no threats and under that
Issues found , what does that mean ?

Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s