Watch out for these dodgy British Gas and Home Office emails, they're part of a blackmail scam


A cyber blackmail ring is targeting the UK with bogus, malware-filled emails pretending to come from big-name companies and government bodies.


Trend Micro fraud analyst Paul Pajares and senior architect Jon Oliver reported uncovering the scam in a threat advisory.

The emails masquerade as messages from one of roughly 800 legitimate sources and are designed to infect victims' PCs and laptops with a special form of malware called TorrentLocker.


"We've noticed a recent increase in TorrentLocker-related emails being sent to users in several countries, particularly the United Kingdom," read the advisory.

"[In the UK] TorrentLocker-related emails pretend to be from utilities like British Gas or government bodies like the Home Office or the Ministry of Justice."


TorrentLocker is a particularly nasty piece of software that falls into the ransomware family of malware. Ransomware makes money by locking users out of their machines before demanding payment for returned access.

Particularly dangerous variants, like TorrentLocker, also encrypt files stored on the laptop, or PC, making it all but impossible for anyone but the hacker to return access to the victim.

"[TorrentLocker] will scan the hard drive for Microsoft Office-based files (Word documents, PowerPoint, Excel etc) and encrypt them using strong encryption," Bharat Mistry, cyber security consultant at Trend Micro, explained to Business Insider.

"After this is complete, it will change the User Interface and the Wallpaper to show a Ransom note which instructs victims to visit a payment site to issue the ransom of an amount. Typical values of $500 have been seen in the past."

The specific emails in the latest TorrentLocker attacks can be partially identified because they require the victim to click a link to a website owned by the hacker and then fill in a captcha before downloading the malware.


Captchas are online authentication tools used by many web services that require users to enter a numeric or alphabetic key contained in an on-screen picture into an adjacent text box.

The Trend Micro researchers said people should remain on guard when receiving emails with captchas inside "especially if they [are] just following a link in an email."

They also recommended that "when confronted with a captcha code [people should] use the phone to contact the organisation" the original message claimed to be from.

The exact number of TorrentLocker infections remains unknown and Trend Micro could not give a firm figure when asked by Business Insider.

TorrentLocker is one of many active ransomware campaigns. A separate ransomware campaign targeting a known security vulnerability in Adobe's commonly used Flash Player was uncovered earlier this week.
