Earlier this month Brian and I both wrote about ransomware and the threat it poses to both business and individual computer users.
Now, if further evidence is needed of how the problem continues to grow, it appears that there is a large run of CryptoLockered-emails appearing, purporting to have come from Royal Mail.
The email advises recipients that there is a lost or missing package awaiting them at their local sorting office. More information is required in order to collect the package and the email ‘helpfully’ includes this in an attachment which, of course, is really the ransomware.
Those who open the attachment will instantly find themselves in the mire as CryptoLocker encrypts the entire contents of their hard drives with an algorithm which is nigh on unbreakable.
After this disaster, the victim will then be offered the opportunity to recover their data, for a limited time, and at a cost. A message will offer the private key required to retrieve the encrypted data. The amount required to obtain the key from the scammers varies with prices typically in the range of $100 to $300, or the equivalent in other currencies.
Whilst there have been stories of companies and individuals paying up and getting their files back there is no certainty that this is always the case and one has to wonder what online criminals do with the payment card details once they have them!
Hopefully, the rise in ransomware should prompt all types of users to take proactive security measures, such as ensuring they have appropriate software both installed and kept up to date. Business users may also wish to educate staff on the risks and give advice on how to work safely online. Keeping regular backups should also go without saying and it would be advisable to keep them segregated from the main PC where possible.
Anyone receiving this a suspicious looking email from Royal Mail is encouraged to contact the company’s customer services department on 08457 740 740 before opening any attachments.
Royal Mail also released the following advice for its customers:
- Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
- Royal Mail will never ask customers to enter information on a page that isn’t part of the Royal Mail website.
- Royal Mail will never include attachments unless the email was solicited by customer e.g. customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
- Royal Mail have also stressed that they do not receive a person’s email address as part of any home shopping experience.
Anyone who has already fallen victim to this particular ruse is encouraged to contact Action Fraud via its online reporting tool. Doing so will help alert other victims and gain you a police crime reference number but, alas, is not likely to lead to the return of your data.