An official notification of a massive ongoing hacker attack alarmed Britain today. The National Fraud Intelligence Bureau (NFIB) is warning about the spread of new bitcoin ransomware.
The virus arrives in official-looking emails that appear to come either from government bodies or from reputable companies. Users have received malicious emails purporting to be from the Ministry of Justice, the UK Home Office and British Gas.
The NFIB has revealed the details of the attack. Its representative explained that “cyber criminals use two main methods to trick victims to downloading the virus”.
The “official” emails from the Ministry and the Home Office claim to contain information about a forthcoming court case in the form of a link or attachment. The British Gas emails, meanwhile, purport to deliver bills or statements through the same kind of link or attachment. A potential victim needs only to open the link to activate the TorrentLocker malware.
If the victim downloads the attachment instead of following the link, they are presented with a captcha code box. Once it is filled in, special code containing the virus is sent to the computer. The malware immediately encrypts the system’s files and holds them hostage until the demanded ransom is paid in bitcoin.
Criminals target both individuals and businesses. The notification matters not only to British users: Italy, the United States, Germany, Poland, Spain and Turkey are at risk as well. The only difference is that in these countries the emails pose as messages from postal and courier services.
Some anti-virus vendors did detect the attacks and blocked the links from being opened. According to the statistics, around 98% of TorrentLocker victims don’t pay the ransom. Nevertheless, it is simpler and more reliable to prevent an infection than to remedy its consequences.
The NFIB reminds users of the measures they can take to protect their computers:
- Make sure that your anti-virus software is regularly updated.
- Always keep important files off your network. Bear in mind that a device attached to an infected computer can contain viruses as well. It is better to keep documents on separate devices or in cloud storage.
- Do not open unsolicited emails. Any link or attachment may be malicious. Instead of following links from an email you don’t trust, you can always visit the official website and log in from there. Remember that attackers can fake any email address, making it look like a familiar one.
- If you have already been attacked and your files are infected, disconnect the computer from the network and turn to professionals to clean it. Anti-virus companies can take remedial action, although they will not be able to restore encrypted files.