
Watch out for these dodgy British Gas and Home Office emails, they're part of a blackmail scam

Jul 2, 2015, 20:55 IST

Image: Two men fishing under a bridge (Reuters Pictures)

A cyber blackmail ring is targeting the UK with bogus, malware-filled emails pretending to come from big name companies and government bodies.

Trend Micro fraud analyst Paul Pajares and senior architect Jon Oliver reported uncovering the scam in a threat advisory.

The emails masquerade as messages from one of roughly 800 legitimate sources and are designed to infect victims' PCs and laptops with a special form of malware called TorrentLocker.

"We've noticed a recent increase in TorrentLocker-related emails being sent to users in several countries, particularly the United Kingdom," read the advisory.

"[In the UK] TorrentLocker-related emails pretend to be from utilities like British Gas or government bodies like the Home Office or the Ministry of Justice."

TorrentLocker is a particularly nasty piece of software that falls into the ransomware family of malware. Ransomware makes money by locking users out of their machines before demanding payment for returned access.

Particularly dangerous variants, like TorrentLocker, also encrypt files stored on the laptop or PC, making it all but impossible for anyone but the hacker to restore the victim's access.

"[TorrentLocker] will scan the hard drive for Microsoft Office-based files (Word documents, PowerPoint, Excel etc) and encrypt them using strong encryption," Bharat Mistry, cyber security consultant at Trend Micro, explained to Business Insider.

"After this is complete, it will change the User Interface and the Wallpaper to show a Ransom note which instructs victims to visit a payment site to issue the ransom of an amount. Typical values of $500 have been seen in the past."

The specific emails in the latest TorrentLocker attacks can be partially identified because they require the victim to click a link to a website owned by the hacker and then fill in a captcha before downloading the malware.

Captchas are online authentication tools used by many web services that require users to enter a numeric or alphabetic key contained in an on-screen picture into an adjacent text box.

The Trend Micro researchers said people should remain on guard when receiving emails with captchas inside "especially if they just following a link in an email."

They also recommended "when confronted with a captcha code [people should] use the phone to contact the organisation," the original message claimed to be from.

The exact number of TorrentLocker infections remains unknown, and Trend Micro could not give a firm figure when asked by Business Insider.

TorrentLocker is one of many active ransomware campaigns. A separate ransomware campaign targeting a known security vulnerability in Adobe's commonly used Flash Player was uncovered earlier this week.
