A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.
Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.
Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.
The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but the link leads to malware, as Mr Brandt explained.
Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.
A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.
The phishing emails tell recipients that they owe money to British businesses and charities when they do not.
One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.
Many have noted that the addresses are generally highly accurate.
According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.
The data could have come from a number of leaked or stolen databases, for example, making it hard to track down the source.
Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.
The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.
“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.
Mr Proffitt advised people who had received the phishing emails not to click on the link under any circumstances, but instead to delete the message from their system and inform Action Fraud.
Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.
“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.
He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.
For some individuals without backups, paying the ransom might be the only way to retrieve their data.
“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.