Skip to content

Cryptolocker surfaces in fake UK Royal Mail emails, many victims willing to pay

Ransomware CryptolockerThe Royal Mail in the UK issued a warning that a wave of spam containing fake delivery notices is spreading an unwelcome package — Cryptolocker, the notorious file-encrypting ransomware that locks up a victim’s files until a ransom is paid to the criminals.

Meanwhile, a UK research study found that a staggering 41% of Cryptolocker victims said they agreed to pay the ransom to get their files back, a percentage that the researchers said was “much larger than expected.”

Cryptolocker encrypts a victim's files and demands a ransom.
Cryptolocker encrypts a victim’s files and demands a ransom.

Cryptolocker infects a victim’s PC and proceeds to encrypt all the files on the hard drive, including photos, videos, and other documents. A warning screen from the criminals tells victims to pay a ransom in electronic funds within 72 hours, or else the private encryption key held by the attackers will be lost, and the files inaccessible forever.

Experts tell us that paying the ransom is a fool’s game of chance that the ransom-takers will follow through and give you the key to decrypt your files once you pay. But it seems enough people cave in to the demand, rather than permanently lose their personal treasure trove of digital files, to make unlocking them good business for the cybercriminals.

In the UK research survey, 17 of 41 victims said they were willing to pay the ransom-takers to get their files back. That number, 41%, is much higher than in previous estimates by security companies, by as much as 10 times. The researchers noted the potential for survey bias in their report, but the overall results showed a “much-higher than expected” number of people saying they had been victims of Cryptolocker (at around 3.4%) and other types of ransomware (6.4%).

The package delivery spam attack is the second wave of fake Royal Mail messages carrying Cryptolocker in recent months, according to the Guardian, which also reported that 10 million email addresses were targeted in the UK and there have been as many as 250,000 victims in the UK alone.

How to stay safe from Cryptolocker

There is no chance to break the encryption, so even removing Cryptolocker won’t get your files back. We advise that you always keep your computer protected with security software, and back up your files so you can always retrieve them. Also, don’t open attachments in emails from people you don’t know — the cyber crooks are especially good at tricking people through social engineering.

Learn more about Cryptolocker

At SophosLabs, our own researchers have tracked Cryptolocker since it first emerged in September 2013. Our coverage of the October 2013 outbreak can be found here.


Just scanned my computer with Sophos anti virus and it said no threats and under that
Issues found , what does that mean ?


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!