Hackers follow the money too

Deepthroat suggested during the Watergate investigations to “follow the money”- for Nixon then, read hackers now.

Deepthroat suggested during the Watergate investigations to follow the money- for Nixon then, read hackers now.Now hackers are going after law firms for exactly the same reason. This month, US prosecutors charged three Chinese traders with securities fraud, saying they had made more than $4m trading on information allegedly stolen from two of the US’s best known law firms.

Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.

Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.

The US Securities and Exchange Commission said the hackers targeted seven firms known for their mergers and acquisitions work, hitting them with more than 100,000 attacks over a three-month period. They then struck gold with two

They then struck gold with two organisations. After installing malware on each law firm’s computer network, they gained access to their IT departments and from there broke into the files and emails of senior M&A lawyers. They ended up stealing nearly 60 gigabytes of data related to at least 10 potential deals.

In several cases, the information bore fruit — the hackers gained early word of Pitney Bowes’ 2015 offer for ecommerce group Borderfree and Intel’s 2015 purchase of Altera, and were able to trade ahead of them.

“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking because you have information valuable to would-be criminals,” said Preet Bharara, the US attorney for Manhattan.

Other professional services firms should take note- your reputation and organisation are at risk from hackers.

This is not the first time the industry has been hit by hackers who specialise in what is becoming known as “outsider trading”. Last year federal prosecutors charged nine people in the US and Ukraine with trading ahead of earnings press releases that had been provided to Marketwired, PR Newswire and Business Wire. That case inspired other Ukraine-based hackers to try their luck with law firms, according to intelligence firm Flashpoint, which put out a warning in March.

Accounting firms that provide tax advice on mergers, boutique advisory firms, and consultants who weigh in on synergies and downsizing plans are almost certainly on the criminals’ hit list. Retailers, telecoms groups and internet companies, including Target, TalkTalk and Yahoo, have already had to pay the price for weak defences.

But in some ways, they got off easy. Most of the stolen passwords were old and the account details rarely included immediately usable information. At most, the hacks involved theft of credit card numbers, which come with fraud defences. So customers have rarely felt much need to hold hacked companies accountable. Yahoo, for example, seems to have suffered very little drop off in customer loyalty after announcing the first of two giant hacks, although the jury is still out after the second one.

Professional services firms will not be so lucky. Banks and companies pay extremely high prices for outside advice. They expect professionalism and confidentiality in return. Getting hacked by a bunch of Chinese traders is hardly a strong recommendation of either.

Faced with a choice of five law firms that invested in cyber defences that were strong enough to withstand a pointed attack, and two who did not, which would you choose?

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email safe@cyber139.com or complete the form on our contact page NOWContact Cyber 139From: https://www.ft.com/content/f52f6fee-ccf4-11e6-864f-20dcb35cede2

Glos Police warn cyber crime is more dangerous than streets at midnight

Gloucestershire Police said in Dec 2016 that within our county 54 % of all reported crime was cyber related.

Glos Police warns cyber crime is more dangerous than streets at midnight.In other words, you have a much higher chance of being mugged online in your home or work place than you do wandering around any of our high streets at midnight at the weekend.

According to the latest report by the Office of National Statistics (ONS), there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.

The Federation of Small Businesses (FSB) found last month that small firms are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy being collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total.

The types of cyber crime most commonly affecting small businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%).

Small firms are also concerned about hacking and fraud when the card is not present, with the average information breach setting them back 2.2 days.

However just a quarter of smaller businesses (24%) have a strict password policy, but only four per cent have a written plan of what to do if attacked online, and just two per cent have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email safe@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Camelot’s National Lottery accounts are hacked

It could be you- as tens of thousands of online lottery Camelot players’ accounts are hacked.

It could be you- as tens of thousands of online lottery Camelot players' accounts are hacked.National Lottery operator Camelot says the login details of thousands of people who do the lottery online have been stolen.

There are 9.5 million national lottery players registered online, but Camelot said only around 26,500 accounts were accessed. It added that fewer than 50 accounts have had suspicious activity, such as personal details being changed, since the breach.

The company said it unearthed “suspicious activity on a very small proportion of our players’ online National Lottery Accounts” during its online security monitoring on 28 November 2016.

It added that there has been no unauthorised access to core systems. “In addition, no money has been deposited or withdrawn from affected player accounts,” said Camelot.

“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”

The company said it is now trying to find out what happened, but it believes that “the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details”.

The affected accounts have been suspended and Camelot will contact the account holders to re-activate them. Camelot added that it is working with the National Cyber Security Centre on the incident.

Are you an online lottery player?

If so, just crossing your fingers is not enough. To mitigate risks in the short term, account holders should update passwords and avoid using the same password across multiple sites.

No final fix for cyber security

There really is no final fix solution endgame when it comes to cyber security.

There really is no final fix solution endgame when it comes to cyber security, according to security industry veteran and chief research officer at F-Secure Mikko Hypponen.The claim was made by security industry veteran and chief research officer at F-Secure Mikko Hypponen and two of the most valuable lessons in cyber security are to know your enemy and not to rely on users to be secure.

“We will always have cyber security problems because we will always have bad people, which means job security in security is likely to continue for ever,” he told the Wired Security conference in London.

Cyber attackers are continually evolving their techniques and capabilities to steal and monetise data in new ways, which means the goalposts are continually moving.

“If we were still fighting the enemy of 10 years ago, we would be in great shape,” he said, alluding to the security tools that have been developed since then, as well as the security improvements in software.

“Attackers will always have the upper hand because they have the luxury of time to study our defences, while defenders do not have that luxury, so it is an unfair contest – a never-ending race.”

Reflecting on lessons learned over his 25 year career in information security, Hypponen said the most important thing is to understand the adversary.

However, he said the days of being able to do that easily are long gone, with most organisations finding themselves faced with a whole range of attackers.

They are all looking to gain something, said Hypponen, whether they are hacktivists supporting a cause, nation state actors or criminals.

“But for most organisations, criminals are the most likely to be attacking them,” he said, noting that of the 350,000 to 450,000 new malware samples that F-Secure sees on a daily basis, 95% comes from organised cyber crime groups.

“It is different when you get targeted by foreign intelligence agencies, because they are really bad, but most organisations are not targeted by foreign spies because most organisations are of no interest to them,” he said.

Although these cyber criminals like to portray themselves as Mafiosi, Hypponen said most are just “geeks” looking to make money from selling things such as hacked PayPal accounts and credit card details along with step-by-step guides on how to use them to make money.

Ransomware most popular form of cyber crime

Ransomware that encrypts victims’ data and demands payment in return for restoring it is fast becoming the most popular way for cyber criminals to make money.

“This is a simple business model based on the principle of selling data to the highest bidder, which is often the person or organisation that owns the data in the first place,” said Hypponen.

F-Security is currently tracking more than 110 different ransomware groups operating around the world and competing for market share.

“Ransomware has become very competitive, with the result of some groups seeking to expand into new markets by translating ransomware campaigns into 26 different languages,” said Hypponen.

Another evolution of ransomware attacks is the shift away from consumers to target enterprises.

“As soon as an infected computer is connected to the corporate network, the attackers enumerate and mount all the file shares the user can access and dynamically set the ransom based on how many files they manage to encrypt on the network,” said Hypponen.

The biggest concern about ransomware for enterprises is that it will stop business operations. With continuity in mind, some enterprises are even setting up bitcoin wallets to be able to pay ransoms quickly and minimise the impact on business continuity.

“This idea of continuity is really backwards, because it does not address the problem,” said Hypponen. “The more enterprises pay these ransoms, the greater and more entrenched this problem will become.”

Know your cyber attacker to defend yourself

Plus ca change- the Chinese general Sun Tzu said “know your enemy” 2,500 years ago- and the advice is as pertinent today as then when it comes to cyber security.

Plus ca change- the Chinese general Sun Tzu said Organisations can build better cyber defences by understanding which criminal underground is likely to target them, according to Robert McArdle, threat research team manager at Trend Micro.

There are several distinct types of cyber criminal undergrounds divided along language lines, each with their own particular characteristics, he told the Cloudsec 2016 conference in London.

The biggest and most mature are the Russian, English, German and Chinese cyber criminal undergrounds, but there also significant operations in Portuguese (Brazil) and Japanese.

“The all operate slightly differently and focus on different activities, so it depends on your business which of these undergrounds are the most likely to target your organisation,” said McArdle.

The Russian criminal underground is the longest-running, most mature criminal underground and was the first to introduce that as-as-service model, which has since been copied by most of the others.

The Russian cyber criminal underground is highly competitive, with most operations run along strict business principles, with some boasting dedicated sales departments and 24-hour support services.

The Trend Micro research team has identified several trends in the Russian underground, such as the fact that fierce competition is forcing prices lower, providing easier access to tools and services.

There has been a rapid increase in the number of tools and services targeting mobile devices and platforms in line with the growing popularity of mobile devices.

Another rapidly growing area is the trade in information about compromised sites that can be used in various cyber criminal campaigns.

Trade in credit card details continues to be strong on the Russian underground, with several sites dedicated to buying and selling this data.

“Some even have clickable maps that enable cyber criminals to view what credit cards are available in particular countries, cities and particular companies,” said McArdle.

“We have also seen the emergence of star-rating systems and the introduction of validation services that allows customers to try before they buy,” he said.

The Chinese underground is interesting, said McArdle, because although China is strongly associated with cyber espionage in the West, it is responsible for relatively little of run-of-the-mill cyber crime.

“Because of the language differences, the Chinese underground tends to build its own malware, does not rely on outside sources and mainly targets companies and individuals in China,” he said.

Although there is a fair amount of cyber crime hardware produced in China, such as card skimming devices, this tends to be sold through the cyber criminal markets based in South America.

The English cyber criminal underground is characterised by a much greater focus on physical goods, such as recreational drugs and fake identity documents, in addition to malware and killers for hire.

Distributed denial of service (DDoS) tools and services are very common in the English underground because they started out as tools developed by rival English-speaking gaming groups before migrating into extortion tools used by cyber criminals.

“We see a lot of tools and services for identity theft on the English underground, such as fake IDs, particularly in the US, where a stolen social security number can be used to impersonate someone to commit fraud by taking out loans, for example,” said McArdle.

Although the Portuguese cyber criminal underground based in Brazil is still relatively immature, he said it is growing and developing rapidly, driven by excellent online tutorials.

“Our researchers came across a three month tutorial programme for just £75 that is practically a masters level course on every aspect of conducting carding operations, including practical assignments with feedback on performance,” said McArdle.

The Portuguese underground is heavily focused on attacks on online banking, with 40% of Brazilians interacting with banks online. Consequently, most new attack methods aimed at online banking emerge in this region, providing a good indicator of what is likely to emerge in other parts of the world.

The Japanese underground is one of the least mature cyber criminal undergrounds, said McArdle, and, like the Chinese, it tends to focus on Japanese speaking customers and targets.

Although there is relatively little malware available because of the strict anti-malware legislation in Japan, he said there is a strong focus on Trojan malware and malware for webcams.

The Japanese underground is also characterised by gated communities, the use of coded language to refer to goods and services, and free porn websites pop-ups that demand payment for allegedly accessing member-only content.

“Strangely enough, around 10% of those targeted by these pop-ups pay the money demanded, even though the claims are false and no malware is involved,” said McArdle.

The German cyber criminal underground is the most mature in Europe and is not far behind the Russian underground.

“There are a lot of overlaps with the Russian underground, especially in terms of fake identity goods and services driven by demand from the growing Syrian refugee population in Germany,” said McArdle.

An understanding of nature of these undergrounds, he said, means that the banking sector should concentrate on the Russian and Portuguese undergrounds, for example, while those tasked with defending government or military networks would do well to concentrate on the Chinese underground.

“Understanding attackers is key to understanding what you need to defend against and building a strategy for doing so,” said McArdle.

Cyber crime included in official statistics

Cyber Security Force welcomes the inclusion of cyber crime in the latest crime survey for England and Wales by the Office for National Statistics (ONS).

Cyber Security Force welcomes the inclusion of cyber crime in the latest crime survey for England and Wales by the Office for National Statistics (ONS).

According to the latest report, there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.

Just over half of the fraud incidents were cyber related, with 28% of these being non-investment fraud relating to online shopping or computer service calls. Some 68% of computer misuse crimes were related to malware and 32% were from unauthorised access to personal information including hacking.

However, the ONS cyber crime and fraud figures are an estimate, as specific questions relating to cyber crime were only added to the survey in October 2015 following a field trial.

“Headline estimates will include these offences for the first time in January 2017 once the questions have been asked for a full 12 months,” the report said.

According to the report, there were 4.5 million crimes reported in the period, excluding the 3.8 million cyber-related fraud incidents and 2 million compute misuse offences.

But the ONS said it would be incorrect to assume that once the figures are combined in the next report that the overall crime figure will double.

“This is the first time we have published official estimates of fraud and computer misuse from our victimisation survey, and ONS is leading the world in doing this. Together, these offences are similar in magnitude to the existing headline figures covering all other crime survey offences,” the ONS said.

“However, it would be wrong to conclude that actual crime levels have doubled, since the survey previously did not cover these offences. These improvements to the crime survey will help to measure the scale of the threat from these crimes, and help shape the response.”
Security should be top of board’s agenda

According to the ONS, cyber crime now makes up 40% of all recorded criminal incidents.

The technical capabilities of cyber criminals continue to outpace the UK’s ability to deal with cyber threats.

For the majority of organisations, the main two lessons to take from these statistics are the rapid evolution of cyber crime, and the number of threats that any individual or organisation will face.

As a result investment tends to flow into areas where it will be most productive, and crime is no different.

While there are government initiatives underway to tackle fraud, it is largely down to organisations to take care of themselves and the people they service.  The basics still apply:

  • Using strong passwords,
  • applying caution when using public Wi-Fi networks,
  • not revealing too much information about ourselves online and
  • regularly backing up personal data.

Experian’s Annual Fraud Indicator 2016 said fraud could be costing the UK economy up to £193 billion a year, with phishing attacks up by 21% in 2015 and were estimated to cost the UK more than £280 million.

Police ask for early contact of cyber crime

Businesses should contact the Police as early as possible about cyber crime- even before they are targeted.

Businesses should contact the Police as early as possible about cyber crime- even before they are targeted“The sooner we can become involved the better,” said Garry Lilburn, detective inspector, cyber crime unit, Metropolitan Police.

Current reporting mechanisms are “clunky” and there plans to replace them, he said, but in the meantime, businesses can make direct contact with the cyber divisions of the National Crime Agency (0370 496 7622) UK-wide or the Met Police for cyber crime in London (0207 230 8129) or 01452 752644 in Gloucestershire.

“Businesses can call us to discuss what is happening and get advice without having to officially report a crime and without fear of it leaking to the media or regulators,” said Lilburn, adding that some of the biggest cyber crime cases his unit has worked on have never been reported in public.

“If businesses contact us about cyber crime in action, we can advise them on how to mitigate the attack, preserve evidence, and how to communicate with cyber extortion gangs and even the media if necessary in the case of high-profile attacks,” he said.

However, Lilburn said businesses should engage with police even before they are targeted by cyber criminals.

“We offer a service of conducting table-top exercises with businesses so they can experience what it is like to work with the police in the event of an attack by cyber criminals and learn what kind of information we will need and the kind of questions we will ask,” he said.

Businesses should also develop plans for engaging with law enforcement before they are targeted by cyber criminals, and practice those plans in the same way they do fire drills, said Kurt Pipal, assistant legal attaché, office of the legal attaché at the FBI.

“Businesses should ensure they understand what law enforcement can do for them, what investigators are likely to ask for, and what they can do to help any investigation,” he said, adding that they should get their legal counsel involved because they are going to be one of the first points of contact with the police in the event of a cyber criminal attack.

“Many firms fear reputational damage and media exposure, but engaging early with law enforcement before anything happens often alleviates many of these types of concerns and makes them more comfortable in working with law enforcement when they are attacked,” said Pipal.
Police encourage information sharing

Cyber crime is almost always international in nature, but that should not put businesses off reporting cyber criminal activities, even if they appear to be coming from overseas or conducted through anonymising proxies, said Lilburn.

Many of the recent botnet takedowns involving the FBI have been the result of international law enforcement agencies working together, said Pipal.

“While cyber criminals may be based in countries where we cannot reach them, they also like to go on vacation, and often they go to countries where we do have the ability to make arrests, so businesses should talk to law enforcement about the cyber criminal activities they are seeing,” he said.

“Law enforcement should learn from this and also begin to find ways to collect information about bad actors that can be queried by law enforcement agencies around the world,” he said.

“Just because cyber criminals are located in other countries or appear to be anonymous, businesses should not assume we will not be interested or that we will not be able to take action against those responsible”

Many of these third parties are small and medium enterprises that work as suppliers or partners to larger organisations, but these businesses typically do not have the same level of security awareness or resources as their bigger partners, said Ferguson.

“While large organisations have the resources to understand and respond to threat intelligence gathered through industry forums and the government-sponsored cyber security information sharing partnership (Cisp) and the national computer emergency response team, Cert-UK, smaller businesses do not,” he said.

Indeed Cyber Security Force are part of theGloucestershire Safer Cyber Forum- which is founded and run by the Gloucestershire Constabulary.

90% of big UK businesses hacked by cyber attacks

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey.

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey

90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. Small organisations recorded a similar picture, with nearly three-quarters reporting a security breach; this is an increase on the 2014 and 2013 figures.

59% of respondents expect there will be more security incidents in the next year than last.
The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.

The median number of breaches suffered in 2015 by large and small organisations has not moved significantly from 2014. 14 for large organisations and 4 for small businesses is the median number of breaches suffered in the last year.

Cost of breaches continue to soar

The average cost of the worst single breach suffered by organisations surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year.

The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).

Small businesses do not fare much better – their lower end for security breach costs increase to £75,200 (from £65,000 in 2014) and the higher end has more than doubled this year to £310,800.

Organisations continue to suffer from external attacks

Whilst all sizes of organisations continue to experience external attack, there appears to have been a slow change in the character of these attacks amongst those surveyed. Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations.

There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures.

69% of large organisations and 38% of small businesses were attacked by an unauthorised outsider in the last year, up from 55% a year ago and slightly up from 33% a year ago for SMEs.

Better news for business is that ‘Denial of service’ type attacks have dropped across the board, continuing the trend since 2013 and giving further evidence that outsiders are using more sophisticated methods to affect organisations.

You can find the research at: 2015 Information security breaches survey .

Ransomware increasingly dangerous cyber security threat

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.Eset’s LiveGrid telemetry shows an increase in detections of the JS/Danger.ScriptAttachment malicious code, which tries to download and install various malware variants to the intended victims’ machines.

The majority of the code consists of crypto-ransomware, including some well known groupings, such as Teslacrypt.

The most recent wave of attacks has been focused on victims in the UK, where it accounted for roughly every fourth threat in the third week of April 2016, said the security firm.

“To reach as many potential victims as possible, attackers are spamming inboxes in various parts of the world,” said Ondrej Kubovič, security specialist at Eset. “Therefore, users should be very cautious about which messages they open.”

Meanwhile, the latest Verizon Data Breach Investigations Report (DBIR) also warns that ransomware attacks are steadily increasing.

Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions, said: “Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time.”

Eset’s Kubovič recommends that companies should train their employees to report incidents to their internal security departments.

“Users should keep their operating systems and software up to date, as well as install a reliable security suite offering multiple layers of protection and regular updates,” he added.

“Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection,” he said.

While ransomware is becoming an increasing problem for businesses, a recent spate of attacks on hospitals in the past few months – mainly in the US, but also in Canada, Germany and New Zealand – has underlined the potentially life-threatening impact of ransomware, which works by encrypting data and demanding a ransom to be paid for its release.

The dangers of the IoT

A report by Institute for Critical Infrastructure Technology (ICIT) has also highlighted the fact that internet of things (IoT) devices offer a potential growth opportunity to any ransomware operation, given the devices are interconnected by design and many lack any form of security.

According to the report, while a lot of traditional malware will be too large to ever run on many IoT devices, ransomware (predominantly consisting of a few commands and an encryption algorithm) is much lighter.

Many medical devices, such as insulin pumps and other medication dispersion systems, are internet- or Bluetooth-enabled, the report pointed out, and warned that ransomware could used to open connections to infect the IoT device.

Part of the problem with the security of IoT communications is that the designers are more concerned by the ease of connectivity than the safety of their users.

New ransomware threat- with your address

A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.

A new email ransomware that quotes people's postal addresses is a costly new cyber security threatAndrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but that leads to malware, as Mr Brandt explained.

Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.

Many have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.

“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.

From:  http://www.bbc.co.uk/news/technology-35996408#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa