The National Fraud Intelligence Bureau (NFIB), which is a cybersecurity watchdog in the UK, warned the public of a new bitcoin ransomware scam circulating these days. The NFIB said that emails pretending to have originated from the UK Home Office, Ministry of Justice, and domestic oil company British Gas have been distributing malware called TorrentLocker.
TorrentLocker locks up a user’s files until a bitcoin ransom is paid. However, reports from previous years have revealed that majority of victims have declined to pay up to 4 BTC to decrypt their documents.
Bitcoin Ransomware Scam
The report also revealed that this bitcoin ransomware scam has been circulating in areas outside of the UK. In particular, the malware was targeted at specific countries, including Austria, France, Germany, and Italy as well.
In addition, the report noted that only 570 out of 39,760 infected systems were given access to decryption software upon paying the full ransom. Further investigation has also shown that some who paid bitcoins still did not see their files restored using decryption software since the full ransom amounts haven’t been paid.
TorrentLocker is believed to have originated from the same creators of Hesperbot, which is a banking trojan virus. In comparison to other bitcoin ransomware such as CryptoLocker, TorrentLocker is seen to have a limited reach.
According to the NFIB, other versions of the malware might also be encrypted in those emails, along with links to websites that are being used to distribute the ransomware. In some cases, users are being required to enter a captcha code after getting fake warnings on bills or legal action.
While the authorities are still cracking down on the source of this malware, the NFIB has reiterated the importance of creating offline backups of files and being careful when opening emails from unknown sources.