SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
19 Apr 2016

The ransomware that knows where you live

A widely distributed scam email that quoted people's postal addresses links to a dangerous form of ransomware, according to a security researcher.

Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4's You and Yours that discussed the phishing scam. Mr Brandt discovered that the emails linked to ransomware called Maktub.

The malware encrypts victims' files and demands a ransom be paid before they can be unlocked. The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained. One of the emails was received by You and Yours reporter Shari Vahl.

"It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive - it happens in seconds," Mr Brandt said. "This is the desktop version of a smash and grab - they want a quick payoff."

Maktub doesn't just demand a ransom, it increases the fee - which is to be paid in bitcoins - as time elapses. A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately $580. This rises to 1.9 bitcoins, or $790, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they do not. One of the organisations named was the Koestler Trust, a charity which helps ex-offenders and prisoners produce artwork.

"We rely on generous members of the public and we were very distressed when we discovered that people felt they had received emails from us asking for money, when indeed they had not been generated by us at all," chief executive Sally Taylor told You and Yours.

Addresses included

One remarkable feature of the scam emails was the fact that they included not just the victim's name, but also their postal address. Many, including BBC staff, have noted that the addresses are generally highly accurate. According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it's still not clear how scammers were able to gather people's addresses and link them to names and emails. The data could have come from a number of leaked or stolen databases, for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails. In a statement, the firm said: "eBay works aggressively to protect customer data and privacy, which is our highest priority. We are not aware of any link between this new phishing scam and eBay's data. We continually update our approach to customer data security in an effort to create the safest environment possible for our customers."

Fraud body 'inundated'

The UK's national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam. "We have been inundated with this," said deputy head Steve Proffitt. "At Action Fraud on Monday we received an additional 600 calls and from then onwards we've received 500 calls to our contact centre a day," he added.

Mr Proffitt advised people who had received the phishing emails not to click on the link under any circumstances, but instead to delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was "significant" in more ways than one.



"It also appears to be quite widespread - I've heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out," he said. He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware. For some individuals without backups, paying the ransom might be the only way to retrieve their data. "However, every person that does that makes the business more valuable for the criminal and the world worse for everyone," he said.

Tags:
information leaks fraud Maktub
Source:
BBC News