Ransomware Targets Millions in U.K.
Experts Warn of Worldwide Surge in Attacks
A ransomware campaign is targeting tens of millions of banking customers, both consumers and businesses, in the United Kingdom, according to an alert from the Cyber Crime Unit of England's National Crime Agency.
The phishing e-mails, which purport to be from banking institutions, contain malicious attachments that automatically download the ransomware known as Cryptolocker.
Ransomware is a type of malware that hijacks a user's computer by taking control of its monitor or screen, locking the system and then displaying a ransom message. Typically, these messages appear to be from law enforcement agencies or some other trusted source, such as, in this case, a banking institution (see Trojans Tied to New Ransomware Attacks).
To fool consumers, ransomware attacks typically include a message that claims the targeted user owes back taxes or some type of payment to the bank. Unless a fee or penalty is paid, the computer will remain locked, the ransomware often claims.
Experts say these types of ransomware attacks are on the rise worldwide, and like any malicious attack, banking institutions have to be diligent about informing customers of the risk. Still, even the best educational campaigns typically can't prevent all unsuspecting users from falling for these schemes.
The Cryptolocker Attack
The Cryptolocker attack displays a splash screen with a countdown timer and a demand for 2 Bitcoins in ransom totaling approximately £536 [U.S. $863] to receive the decryption code to unlock the system, according to the National Crime Agency. The agency's announcement does not go into detail about the attack, but experts say other Cryptolocker-based schemes have featured effective, authentic-sounding messages.
Researchers at security firm TrendMicro earlier this month blogged about the emergence of Cryptolocker.
"The past few weeks have seen the ransomware CryptoLocker emerge as a significant threat for many users," writes Maria Manly, an anti-spam research engineer at TrendMicro. "Our monitoring of this threat has revealed details on how it spreads, specifically its connection to spam and Zeus [a banking Trojan]."
Daniel Cohen, a researcher in the online threats managed services department at security firm RSA, says the use of Cryptolocker and other types of ransomware has surged this year. "Ransomware made a big return during 2013 globally," he says, in spite of being a relatively old type of malware.
Banking institutions in the U.K. have made considerable investments in anti-malware technologies and solutions, says Avivah Litan, a financial fraud expert and analyst for the consultancy Gartner. But they can't keep up with the fraudsters' emerging schemes, she says.
As a result, about 20 percent of the emerging malware attacks institutions face worldwide will succeed, she predicts.
But banking institutions struggle to help protect endpoints, such as consumers' computers, that they don't control, she adds.
Banking institutions in the U.K. take steps to educate customers, Litan says, "and they have also set up a highly effective threat information sharing group between the private sector [mainly banks] and government agencies." That kind of public-private information sharing has helped law enforcement in the U.K. shut down servers linked to ransomware e-mails, Litan says.
Andrew Yeomans of The Open Group Jericho Forum, an independent international group of information security thought-leaders, says most banking institutions are probably already aware of Cryptolocker, but there is little they can do to prevent their customers' computers from being infected.
"The current Cryptolocker malware doesn't affect bank accounts; it just encrypts the user's local data, so the banks won't see anything," he says. "Common antivirus products block this malware anyway."
These types of attack, however, offer banking institutions an opportunity to remind their customers that they should be making backups of their critical data, just in case they are attacked by malware that causes hardware failure, Yeomans says.
UK Banks Less Prepared?
Gartner's Litan says U.K. banks and consumers often seem less prepared than their U.S. counterparts to defend against emerging malware attacks. But she acknowledges that the U.K. is usually targeted with new attacks before they strike North America.
"U.K. banks are typically the first group of banks to be attacked by new cybercriminal schemes, many of which originate in Eastern Europe," Litan says. "I think that may have something to do with their time zone and the fact that the fraudsters, who are also in Europe, can more easily test their attacks out in the U.K. without having to work off-hours."
Once these attacks have been tested and automated, they can then be launched against U.S. banks and other institutions around the world, she explains.
As a result, banking institutions and law enforcement worldwide should closely watch what happens in the U.K. and prepare accordingly.
But John Walker, visiting professor at the School of Science and Technology at Nottingham Trent University, contends that cybersecurity standards in the U.K. are far behind other parts of the world. That's because U.K. banking institutions have focused too much attention on complying with regulatory mandates and not enough on ensuring security.
"It really is about them getting their house in order, so that they may give protection to their clients," he says.