NCA warns UK of mass CryptoLocker ransomware attacks

News by Kate O'Flaherty

Thousands of UK businesses could have been affected by sophisticated CryptoLocker ransomware, the National Crime Agency's (NCA) National Cyber Crime Unit has warned.

Victims are receiving emails that appear to be from banks and other financial institutions. The emails carry an attached file, which is malware that can install CryptoLocker (also see last week's SC report on the upsurge in CryptoLocker usage).

CryptoLocker encrypts files on the infected machine and the local network it is attached to. Once the files are encrypted, the computer will demand a payment of two Bitcoins - around £526 - in exchange for the decryption key.

The latest emails, which appear to target small and medium businesses, could have been sent out to tens of millions of UK customers. "This spamming event is assessed as a significant risk," the National Cyber Crime Unit said in a statement. An investigation is "ongoing" to identify the source of the email addresses used.

The NCA advised affected users not to pay the ransom, as "there is no guarantee that they would honour the payments".

Ransomware is evolving to become much more sophisticated and complex, said Stefano Ortolani, security researcher at Kaspersky Lab: "It is getting to another level; CryptoLocker is an industry-grade encryption system."

Kaspersky Lab sinkholed three domains to measure the number of worldwide victims: so far, 2,764 unique victim IPs have contacted the domains.

The rise of ransomware attacks highlights the need for adequate security software, said Tony Neate, CEO of Get Safe Online. "It's very concerning as the effect of being infected by this is dramatic. It doesn't just ask for a ransom; it encrypts," he said, adding: "I am hoping that the majority of firms will at least use security software on their machines."

However, basic anti-virus is not always enough to protect businesses from this type of attack, said Gavin O'Gorman, security response manager at Symantec, adding: "You do need extra layers. Even if firms have anti-virus, they could get infected: criminals are very smart."

George Anderson, product marketing director at Webroot, concurs: “Despite the NCA's advice, it's not always possible to prevent malware getting through, the key is to combine good defences with strong recovery. A great defence is the ability to automatically record attempts by ‘unknown’ software to change your files. Similarly vital is the ability to store secure back-up copies of those files before they are encrypted. With that in place, as soon as CryptoLocker is deemed malicious, it is removed, all changes made by it are rolled back and back-up copies of unencrypted files are automatically restored.”

O'Gorman said it is likely that CryptoLocker will become more widespread. It is currently most prevalent in English-speaking countries such as the US, the UK and Canada, but he predicts it will be seen in mainland Europe, particularly Germany, soon.
