National Fraud Intelligence Bureau issues warning over Cryptolocker attacks

The National Fraud Intelligence Bureau is warning about the damage being caused by Cryptolocker, destructive malware that installs itself on computers and effectively holds people’s files to ransom.

So far, the National Fraud Intelligence Bureau (NFIB) has received reports from almost 100 victims, with an average loss of £460.

Affected businesses and individuals will also incur other losses, such as wasted time, lost revenue and additional IT costs, as well as further implications for files that are not separately backed up.

The malware is predominantly deployed via zip files in e-mail attachments and web links exploiting legitimate public sector organisations’ branding.

How does the threat get in?

Process
1. An e-mail attachment or Internet link that contains the malware is opened on your computer, which installs the malware, or your computer is already infected with malware (i.e. a botnet) and the criminal uses this to further infect your computer with CryptoLocker.
2. The malware runs and installs CryptoLocker.
3. The malware encrypts all the files it can find, including images, documents and spreadsheets.
4. The malware then pops up a page giving you a limited time, usually 72 hours, to buy back the private key, typically for $300, to regain access to your data.
5. It is unclear whether access is regained after paying the ransom.

How can you reduce the risk of becoming a victim?
1. Do not click on attachments unless you can verify the source, particularly if you are not expecting correspondence from the source.
2. Install and run security software and set it to update automatically.
3. Set your computer’s security settings to update automatically.
4. Make regular back-ups, storing them safely and preferably offline.
5. Increase security settings on your browser.

Filed under IFSECGlobal.com News
