back to article File-NUKING Cryptolocker PC malware MENACES 'TENS of MILLIONS' in UK

The infamous Cryptolocker malware, which encrypts your computer files and demands a payment of £534 ($860) to unlock them, may have been sent to "tens of millions" of Brits, Blighty's crime-busters warned today. According to an alert from the UK National Crime Agency (NCA), a fresh round of ransomware-loaded spam posing as …


This topic is closed for new posts.


  1. Mark 85 Silver badge

    The Ransom?

    Bitcoins? And if you don't have any, then what? Basically f**cked, I suppose. Then again, opening a dodgy document/email might be considered foreplay to getting f**cked via malware.

    1. moylan

      Re: The Ransom?

      it would explain the rise in the value of bitcoins

    2. Anonymous Coward
      Anonymous Coward

      Ransom to be paid in BitCoins...

      Savvy crims, get paid, and boost the value of your investment!... Still, lots of unanswered questions...

      #1. What if a user spots a dodgy serial number looking exe in talk mangler, can they kill it?

      #2. The BBC site said many users were paying and not receiving the key?....

      #3. I want to know how drive-by attacks are infecting machines too. But all the news articles harp on about are dodgy attachments. However, originally drive-by attacks were also reported. So what was the attack vector: Java, Flash, other 3rd party plug-in, JavaScript etc etc?

    3. Anonymous Coward
      Anonymous Coward

      Re: The Ransom?

      If you don't have bitcoins, they expect that you'll buy some. Which you can do on any one of many exchanges. These criminals are smart enough to make sure they're hard to trace (Bitcoins are anonymous), but relatively easy to collect from their victims (you can legally and easily buy bitcoins online, you don't have to mine them yourself).

  2. Anonymous Coward
    Anonymous Coward

    Fucked up shit

    Got one of those I think. Was too suspicious to click it. Got deleted instead.

  3. Cardinal

    No shit Sherlock!

    "the NCA believes the operation is the work of a tech-savvy crime ring"

    How on earth do you do it Holmes?

  4. Don Jefe

    I guess this is good for getting new users into Bitcoin... But honestly it seems to me like the people who really want to see Bitcoin succeed would want to see an end to this sort of thing. It's just another reason policy makers can cite as proof Bitcoin is used 'primarily for criminal purposes'. If some people don't get their act together it's going to be hard to refute that claim.

    1. Anonymous Coward
      Anonymous Coward

      " another reason policy makers can cite as proof Bitcoin is used 'primarily for criminal purposes'."

      And who might be motivated to say that, I wonder?

      Follow the money.

      1. M Gale

        Follow the money.

        Isn't that what Bitcoin is designed to prevent?

        1. Destroy All Monsters Silver badge

          Somewhat (it's cashlike anonymous but you can indeed follow the bitcoin in particular when the bitcoin is exchanged with the government-sponsored paper money)

          But additionally, infinite money printing by the bitcoin central bank is a no-no.

  5. keithpeter


    As we are paying billions to have GCHQ collecting data about us, could they not simply find and nuke the perpetrators? Or even just block the phone home so the cryptographic key never arrives?

    1. Shaha Alam

      Re: GCHQ

      the shepherd can usually do sod all about the wolves so spends his time mainly watching the sheep.

      1. Anonymous Coward
        Anonymous Coward

        Re: GCHQ

        Only watching the sheep?

        1. Ted Treen

          Re: GCHQ

          I take it you're Welsh...

    2. Slap

      Re: GCHQ

      "As we are paying billions to have GCHQ collecting data about us, could they not simply..."

      ...provide users that are hit by this with a backup of their data that they've already snaffled through nefarious means.


  6. nematoad Silver badge


    Seems to me that the solution is obvious.

    Don't use Windows.

    I too have been the recipient of a number of spurious bank e-mails. I didn't touch them, of course, but even if I had they would have just bounced off as I use Linux.

    No, I'm not smug, just happy I got off the MS train of death years ago,

    1. Anonymous Coward
      Anonymous Coward

      Re: Nasty.

      You'd think Microsoft would go after these guys if plod won't/can't do it.

      How hard is it to offer the Mafia $1M through the back door to "rub out" three Ukrainian student geeks?

      Windows is never going to be "Loved" with this sh*t happening.

      1. SDoradus

        Re: Nasty.

        The geeks have already been rubbed out and the FSB has taken over.

    2. Adam 1 Silver badge

      Re: Nasty.

      Why is this a Windows only thing? I mean this specific malware was compiled for Windows but the attack vector is phishing and irrespective of the OS the user would have permission to write to those files.

      Sometimes smug is justified. Other times it is misplaced.

      1. Brad Ackerman

        Re: Nasty.

        Other than because the attackers didn't think that they would make enough BTC to justify a Linux port? Probably nothing. But I do reserve the right to snark about businesses that don't have offline backups.

      2. Anonymous Coward
        Anonymous Coward

        Re: Nasty.

        "Why is this a Windows only thing? I mean this specific malware was compiled for Windows but the attack vector is phishing and irrespective of the OS the user would have permission to write to those files."

        Because, like Windows, Linux file systems have an "execute" permission. The difference being that when Linux saves a file, the execute permission is disabled unless you manually enable it, preventing the malware from running by double-clicking the attachment.

        This makes running malware a lot more difficult, since you first need to know to change the permissions to execute the file and in doing so, probably understand that it's not in fact a weirdly named PDF but an executable pretending to be.

        Assuming you have given it execute permission, it still only executes in your user space, unless you're also stupid enough to enter your password and run it as root (assuming IT gave you the password). Since these businesses have been setup professionally with backups, nuking your user space isn't such a big issue as it can be restored and the OS remains in tact.

        This is why malware is more prevailant on Windows. Linux can still be infected, you just have to get the user to jump through a lot more hoops and they're more likely to trip on them and get suspicious.

      3. JLV Silver badge

        Re: Nasty.

        This write-up doesn't say it, but others do:

        The malware "disguises" itself by files like "foobar.pdf.exe" and giving itself the PDF filetype icon.

        Windows, being Windows, and trying not to overwhelm our dear little heads with trivial information, comes with "hide extensions for known filetypes" checked on (one of the first things I undo on a new install).

        So to Joe Average, they are clicking on a PDF, not an EXE.

        Keep in mind, over the last 5 or 6 years, MS's "security" has been crying wolf ALL the time wrt to files. With regards to anything, really.

        For example, I can't even open my own Word files in an email at work without being nagged to death by Windows. Heck, I can't even _edit_ my own .cmd files in Notepad without a warning. So many users will dismiss whatever warning it does throw.

        So, yeah, maybe if Linux desktops had 80% penetration then someone might have cobbled more attack vector together and malware wouldn't "Windows only". And, as a Mac user, I figure we are overdue for a real nasty - Apple's security record is patchy, but BSD saves their bacon most days.

        But this particular flavor of fubar has Redmond's signature all over it. Not least, the lack of execute permissions on Windows files and the delegation of that responsibility to the user.

    3. BobChip

      Re: Nasty.

      Likewise. I went Linux about six years ago, and although I obviously benefit from the added protection it gives me, that is only one of the reasons I had for making the switch. I'm almost tempted to hope that Linux remains a minority interest on the desktop, just so that it is not worthwhile for the bad guys to attack it - even though that would be harder to do in the first place.

      More to the point, the cybercrime issue is now so serious that only governments, co-operating on a large scale internationally, can begin to combat it. But, as has been observed elsewhere in other comments here, they seem to be much more interested in watching the sheep than catching the wolves.

      1. JCitizen

        Re: Nasty.

        It is a different world now. The average dude or dudette, using Android on their mobile device will not suspect such at attack. It is true they will not run into a CryptoLocker type threat(yet), but for Linux newbies; they will fall for any social engineering trick in the book. So no matter what OS you use, if you don't have a clue, you will get pwned. At least the enlighten few here on the REG will never fall for such a scam; but we must be sympathetic for the bozos who do.

    4. Fatman Silver badge

      Re: Nasty.

      The Trojan infects systems running Windows 8, Windows 7, Vista, and XP.

      That part is so telling.

      Poor, hapless WindblowZE (l)users, if they were not chained to the deck of the MS Titanic.

      1. Valeyard

        Re: Nasty.

        windblowze (l)users?

        Ah that reminds me of when i typed "micro$oft" when i was a punk-wannabe little 15 year old.

      2. Havin_it

        @Fatman Re: Nasty.

        Please, just don't. It probably sounded good in your head, but it's not helping.

    5. nematoad Silver badge

      Re: Nasty.

      I notice with some amusement that my original post "Nasty" is getting mixed reviews. 26 up 26 down at the time of writing.

      Let me explain why I said what I said about not using Windows.

      It is NOT a personal attack on those using Windows, use what you like. I did however follow Microsoft's advice in deprecating unsafe software. MS itself has advised users not to use SHA-1 as there are serious concerns as to the lifespan of this algorithm see:

      So, if it's good enough for MS to say don't use something that is potentially unsafe, then it should follow that if the OS itself poses extreme risks to a user's data then it too should be avoided. Not an easy choice to make but if you are responsible for the safety of say, a companies data, then you really should consider eliminating anything that poses a threat to that data.

      As I said this is not a personal attack on anyone's choice of OS, just a suggestion to be as safe as you can be. The trouble is that the readers of El Reg probably don't need that spelled out for them, it's the general public who need to be informed of the threat. Though given the take up in Android and iOS that may mitigate some of the problem.

      1. Ben Norris

        Re: Nasty.

        The uptake of android and ios arn't going to mitigate anything. Windows is not the subject of these attacks because it is less secure but because it is more popular. As alternatives become widely used we will and are already seeing more and more attacks against them too. The common factor is the User, not the OS.

        1. nematoad Silver badge

          Re: Nasty.

          "The common factor is the User, not the OS."

          And if the OS is inherently more secure then what does that do for the general risk to a person's data?

          Reduces it, I think.

          The uptake of Android and iOS will mitigate the threat from using unsafe OSs if it means that such an insecure OS is replaced by a more secure one.

  7. JassMan Silver badge

    Simple answer

    Since it doesn't atack .EXE files, just change the extension of all your important files. Any decent OS can work out what app to launch from the file contents. Oh wait... Did someone say it atacks MS based OSes.

    Just tested it on a .DOC, .JPG and .TXT on my PC and seems to work well. I can even get rid of the extension completely and it still works. Does seem to confuse the thumbnails though - OOPS!

    1. Mark .

      Re: Simple answer

      If windows didn't use extensions for file types, presumably the Trojan would then also just figure out the file types too using the same method, anyway.

      1. This Side Up

        Re: Simple answer

        If Windows didn't use extensions for file types then it would presumably use proper file types which are independent of filenames. I'm fed up with getting attachments typed as binary data (Application/octet-stream) because some stupid Windows or webmail client hasn't bothered to set the Content-type properly.

        One problem is that if Windows users hide frequently used extensions, which is/was the default, then the attackers can send filenames ending in .doc.exe which look like .doc files if you've overlooked the fact that you shouldn't be seeing .doc either.

        The ransomeware is usually a .exe file inside a .zip file. I've received loads of them not just pretending to be from financial institutions but also from couriers.

  8. Martin 47

    NSA/GCHQ worried they are going to be underfunded next year and decided to take matters into their own hands perhaps?

    1. tony2heads
      Big Brother

      Try the Dilbert solution for backups

      after all the NSA & GCHQ must have all this stuff anyway

  9. Arachnoid

    If you do need Bitcoins buy em early in the morning the effing price on those things moves like $40 or more over the day.

    1. Anonymous Coward
      Anonymous Coward

      "If you do need Bitcoins buy em early in the morning"

      Any particular timezone?

  10. bod43

    I don't want an email client that can run code silently. I don't want email that contains code. It is all nuts.

    1. Destroy All Monsters Silver badge

      If you want filtering Software, you know where to get it.

  11. Dan 55 Silver badge

    £534 ($860)

    Now those are good, honest thieves. How many times have we had the £1 = $1 exchange rate foisted upon us by the likes of Apple for the same net return?

  12. FrankAlphaXII Silver badge

    Pretty easy to mitigate this one, as is the case with most Windows malware that isn't custom tailored by a State Actor anymore. Disallow email attachments as you should have done 10 years ago (there's nothing that you can't use dropbox or the like for that absolutely has to be sent through email), don't download dodgy executables and don't pirate programs. If you do, use some common sense and scan the shit out of them before installing. Disable autorun (I can't believe that one still has to be said), and run the cryptoprevent tool from foolishit (or alternatively, manually add the registry keys that the tool adds if you don't trust the tool). Spending 15 minutes mitigating across your Windows clients is a hell of a lot cheaper than buying two bitcoins.

    Of course, don't let any of this stop some of you from your juvenile pissing and moaning about how Windows sucks, though no one in the real world cares. Really, if some FOSS people spent half as much time actually helping the projects they care about and attempting to fix fairly major and/or confusing problems as they do complaining about things they can't change in regard to the proprietary vendors, maybe there would be some solutions to the glaring problems preventing the >1% desktop adoption rate from increasing, but its easier and more fun to blame someone else I guess. It amazes me that the insecurity and persecution complex is still ongoing among far too many members of the community when it has been high time to grow up for quite awhile now.

    IMO, You need to be able to use, secure, and support everything on the market including but not limited to Windows, every fragmented bit of Linux distribution, Android, iOS, *BSD, AIX, HP-UX, and OS X and have a working knowledge of experimental edge cases like Haiku (among others) if you consider yourself a professional, otherwise find a different field to work in. IT is not a monoculture, it never has been and never will be.

    1. Ned (the original)


      Please don't confuse between the bitchtards and the Foss community.

      1. Don Jefe

        Re: @frankalphaxii

        I realize that email attachments are the source much of the undesirable code out there. But email attachments are also the source of a lot of desirable business that's out there as well. My business would grind to a halt in a quick fast hurry if we didn't allow attachments. What you're suggesting is like disallowing cars on the highway because cars are a major source of accidents.

        A well managed system doesn't disallow common operations, it mitigates the risks associated with those operations. Anybody can just turn things off. It takes someone who actually knows what they're doing to work within the requirements of the business.

        1. cracked

          Re: @frankalphaxii

          Yes and no, Don.

          Yes, in the real world, you can't expect an averageSME not to use risky procedures/technology to keep up with the competitors. And neither can you expect them to understand the risks and/or - in the majority of cases, in my experience - pay for effective mitigation.

          But no, because the system - in this case, the bit of the system called email attachments -is an enormous risk that, really, your average SME should not be taking. And this will only get worse, as time goes on - Crime is a lucrative business and the internet is a great place to carry on in that enterprise.

          In a system in which anonimity is on by default - and extremely difficult to turn off - no one should be receiving anything from any one. At least no one without the - or finances to acquire the - knowledge necessary to make sure what is being received is fit to be viewed.

          As history shows - and will, no doubt, go on showing - breaking something is much, much easier than building something that cannot be broken. Dig up that bloke Hadrian and ask him. And never mind Ukrainian students, all he had to deal with were a few Scottish lads with a tin or two of blue paint.

          Me? I remember when CDs were indestructable ...

          EDIT: Forum Overlords. Merit Badge Award: "Your post contains some invalid HTML". It probably still contains a few other invalid things, but even the limited help is much appreciated by this idiot :-)

          1. Don Jefe

            Re: @frankalphaxii

            I don't know... If a SME isn't going to allow attachments you're getting really close to the dreaded 'does the average person/small business need a computer at all' line.

            Unless you've got a really weird business that doesn't need supplies or has only one or two suppliers that sell fixed price commodities then operating without email is going to cause all sorts of expensive problems. Both parties are going to have to develop and enforce IT policies that for the vast majority of SME's and upstream SME suppliers are beyond their means. The vast majority (over 65%) of SME's in the US have annual revenues of less than $150k. Less than 25% of B2B vendors (suppliers) have revenues over $1m. Asking either of those groups to step up their IT is nearly a wasted effort: They simply don't have the means.

            You're going to end up with one of two solutions. Either an IT guy who is driven insane by exemptions or staff that just work right around the blocks and create new attack vectors in the process. I would argue that larger organizations could develop functional 'no attachment' policies and processes far easier than a SME.

            Even if you did manage to browbeat people into not using attachments I've yet to meet a successful SME owner or executive that's going to deal with those restrictions. They're the most likely to fall for some stupid spear-phishing attempt anyway. All you've done by blocking attachments is make things more complicated and risky. With an attachment you've got a known risk and lots of ways to defend that opening.

            1. cracked

              Re: @frankalphaxii

              I agree, Don - In the real world it's basically the same as the high % of drivers who beetle-about uninsured. Probably won't happen to them; deal with the consequences, at the time, if it does.

              The BBC was reporting this cryptovirus story, with the headline/sub "the cops" say SMEs need to be on the look out,

              But really, this situation (and many, many others like it) is the equivalent of plod announcing that a serial killer is on the loose, and that people should stay inside and lock their doors ... when the thin blue line knows very well that almost all of the potential victims have no idea how to use a key (or even have a key ... or a door).

              I'm in full agreement that, in the real world, stuff will go on porning a % of business and individuals so long IT pays well (by remaining complex).

              But when that same system is delivering routing instructions to Chuckiton Couriers' fleet of 3 driverless vans? ... And what about those medical/carer robot gizmos? Let's hope those old folks remember to flash their robot-friend's firmware, when a backdoor is (inevitably) found. When it's time for her colostomy bag to be changed, gotta hope granny isn't following the practices of today SMEs: hoping that 2007 pirate copy of ZoneAlarm - with a sub that expired in 2010 - will get her by ... And that granny can afford the upgrade, when support for her XP version expires next year.

              The original point - of this bit of the discussion - was that email attachments were too unsafe to be allowed. I would have preferred the point be that, unless "you know what you are doing" (or paying someone else who knows) then email attachments are not safe to accept. But the point probably still stands.

              The wider issue is - if something so "simple and everyday" cannot be made safe, then - piling more and more critical things on that same system, to be used by the same users or same skillsets, is asking for a lot of bother.

              Once her robot has granny by the throat, it will cost a lot more than $800 to decrpyt the ReleaseTheOldBatAtOnce routines.

          2. Adrian 4 Silver badge

            Re: @frankalphaxii

            Of course.

            But why do you need to EXECUTE attachments ?

    2. Xxeno

      Fine words except the last bit which is impossible to be imho.

  13. Herby Silver badge

    And why aren't they going after this group??

    Oh, spam isn't that bad, and virus's can't hurt you. Wait until it infects something in Parliament/Congress and lots of congressional staffers have to pony up. Then we might see something about blasting this type of thing.

    Where is the FBI/Scotland Yard when you need them??

    1. silent_count

      Re: And why aren't they going after this group??

      "Where is the FBI/Scotland Yard when you need them??"

      And there it is. You know their response will be a more diplomatic version of, "Oh so now you do want us to keep tabs on the whole internet so that we can swiftly apprehend criminals. We'd like to do a better job of protecting the public but these pesky privacy laws.. "


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019