You are here

CryptoLocker ransomware spreading fast

18th November 2013

Fraudsters are spamming millions of people with emails that appear to be from banks and other financial institutions that carry CryptoLocker ransomware.

The National Crime Agency (NCA) says the emails have been sent to millions of people, but appear to be targeting small and medium businesses in particular. 

There have been over 7000 reports of ransomware made to Action Fraud in the six months from April to September 2013, according to analysis by the National Fraud Intelligence Bureau.

Encrypts the files on your PC

The emails carry malicious files that disguise themselves as correspondence (for example, a voicemail, fax, details of a suspicious transaction or invoices for payment).

The emails actually carry CryptoLocker ransomware that targets windows computers (Mac computers are not affected). Once installed CryptoLocker works by encrypting the user’s personal files such as, photos, music, office documents etc. 

Once the files have been encrypted CryptoLocker displays a screen with a countdown timer and a demand for the payment of 2 Bitcoins in ransom (which equates to approximately £536 as at 15/11/2013) for the decryption key.

Infected users have a time limit to send the payment. If this time elapses, the private key is destroyed, and your personal files may be lost forever. The NCA's National Cyber Crime Unit (NCCU) says you should never send the payment of a ransom to criminals as there is no guarantee that they would honour the payments in any event.

CryptoLocker prevention advice

  • Do not to click or download unsolicited email attachments.
  • Update your Antivirus software and operating systems regulary. 
  • Back up all your important files and store them off your network. 
  • Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.
  • Various antivirus companies offer remedial software solutions (although they will not be able to restore encrypted files).
  • If you are a victim, report it to us

Lee Miles, Deputy Head of the NCCU says "The NCA are actively pursuing organised crime groups committing this type of crime. We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public."

For further information please visit the NCA website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Related links

Beware of “Police ransomware” on your computer
Public to be on guard against new ‘ransomware’ scam