The National Fraud Intelligence Bureau (NFIB) is warning people of emails being sent by cyber criminals claiming to be from British Gas, Ministry of Justice and Home Office that contain TorrentLocker ransomware.
TorrentLocker belongs to the crypto-ransomware family and is designed to encrypt all the files on a machine and any server it is attached to.
In order to retrieve the files a ransom demand is made and is usually requested to be paid in Bitcoin. One victim who reported to Action Fraud said after their computer was infected with the ransomware it demanded the equivalent of £330 in Bitcoin.
The NFIB has identified two main methods currently being used by cyber criminals to trick victims to downloading the virus:
1. The British Gas emails contain an attachment or a link for victims to click to view their latest “bill” or “statement”.
2. The Ministry of Justice/Home Office emails also contain a link or an attachment which contains information on an upcoming “court case”.
In a new twist, if you follow the link instead of downloading the attachment you are asked to fill in a CAPTCHA box with the code provided (recently seen by TrendMicro). Once the code is submitted, TorrentLocker will download onto your machine and will immediately encrypt all your files and demand a ransom.
The NFIB have said that these emails are targeting individuals and businesses. Some Anti-Virus vendors like Trend Micro are detecting these scam emails and are stopping pages/documents from being opened.
How to protect yourself:
- Do not open attachments from unsolicited emails regardless of who they are from.
- Do not click on the link supplied. Instead, go to the relevant website and log in from there. Remember that fraudsters can “spoof” an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of any such attachment or link.
- Update your Anti-Virus software and operating systems regularly.
- Back up all your important files and store them off your network. Please remember that if a device is attached to the infected machine the files on this could also be encrypted with the virus so ensure they are kept on a separate device or cloud storage to ensure they are not lost.
- Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.
- Various antivirus companies offer remedial software solutions (although they will not be able to restore encrypted files).
- If you are a victim, report it to us.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.