Tens of Millions in the UK May Be Targeted by CryptoLocker Bitcoin Ransomware

Danny Bradbury
Nov 15, 2013 at 22:43 UTC
Updated Nov 25, 2013 at 13:51 UTC

The UK’s crime agency released an alert today after a flood of spam swept the country promoting bitcoin ransomware scourge CryptoLocker.

The National Cyber Crime Unit predicted that emails would hit tens of millions of UK customers, and that they were targeting small to medium-sized businesses in particular. “This spamming event is assessed as a significant risk,” it said.

Discovered last month, CryptoLocker is distributed by email. The email includes a ZIP file attachment that infects a victim’s computer, encrypting their files and then demanding a ransom of 2 bitcoins. That will see people paying almost £500 to get their files back. It’s likely, however, that victims at this point will choose to pay in fiat currency, which is also an option. Reports indicate that this costs $300.

CryptoLocker has become more sophisticated over the last few weeks. The perpetrators have created a Tor-shielded web site that enables victims to redownload the private keys necessary to unlock their files, rather than sending bitcoin or MoneyPak payments. It also offers a ‘second chance’ option to download their files. The software originally warned that files would be unrecoverable after 72 hours. Now, the site simply increases the ransom to 10 BTC, and the option to pay with fiat via MoneyPak is removed.

That will be of scant comfort to the poor old lady who one Bitcointalk.org contributor says he found hanging around Vancouver, BC’s bitcoin ATM on Monday. She was putting money into the bitcoin ATM and couldn’t understand why no bitcoins were coming out. The woman, who didn’t understand how a paper-based private key worked, had apparently been targeted by CryptoLocker and was trying to get her files back.

CryptoLocker, combined with Tor, provides a low risk/opportunity ratio for crooks, pointed out Mike Hearn in his post about marked coins, which was publicised on Reddit yesterday. He cited the ransomware explicitly as an example of how marked coins could be useful.

It is unclear how many people are paying with bitcoins as opposed to fiat currency to get their files back, but reports suggest that either way, they are able to unlock their files afterwards. And at least one Chamber of Commerce is advising victims to pay. With bitcoin prices over $400, it looks like a win for the criminals, and a loss for thousands of victims, at this point.

Brian Krebs has some tips for how to protect your PC.
