A cyber blackmail ring is targeting the UK with bogus, malware-filled emails pretending to come from big-name companies and government bodies.
The emails masquerade as messages from one of roughly 800 legitimate sources and are designed to infect victims' PCs and laptops with a special form of malware called TorrentLocker.
“We’ve noticed a recent increase in TorrentLocker-related emails being sent to users in several countries, particularly the United Kingdom,” read the advisory.
“[In the UK] TorrentLocker-related emails pretend to be from utilities like British Gas or government bodies like the Home Office or the Ministry of Justice.”
TorrentLocker is a particularly nasty piece of software that falls into the ransomware family of malware. Ransomware makes money by locking users out of their machines and then demanding payment to restore access.
Particularly dangerous variants, like TorrentLocker, also encrypt files stored on the laptop or PC, making it all but impossible for anyone but the hacker to restore the victim's access.
“[TorrentLocker] will scan the hard drive for Microsoft Office-based files (Word documents, PowerPoint, Excel etc) and encrypt them using strong encryption,” Bharat Mistry, cyber security consultant at Trend Micro, explained to Business Insider.
“After this is complete, it will change the User Interface and the Wallpaper to show a Ransom note which instructs victims to visit a payment site to issue the ransom of an amount. Typical values of $US500 have been seen in the past.”
The specific emails in the latest TorrentLocker attacks can be partially identified because they require the victim to click a link to a website owned by the hacker and then fill in a captcha before downloading the malware.
Captchas are online authentication tools, used by many web services, that require users to enter a numeric or alphabetic key contained in an on-screen picture into an adjacent text box.
The Trend Micro researchers said people should remain on guard when receiving emails with captchas inside “especially if they [are] just following a link in an email.”
They also recommended that “when confronted with a captcha code [people should] use the phone to contact the organisation” the original message claimed to be from.
The exact number of TorrentLocker infections remains unknown, and Trend Micro could not give a firm figure when asked by Business Insider.
TorrentLocker is one of many active ransomware campaigns. A separate ransomware campaign targeting a known security vulnerability in Adobe’s commonly used Flash Player was uncovered earlier this week.