Home Office warns of ransomware
We've all seen phishing emails from banks, but now the Home Office has felt the need to issue an alert after scammers have sent out mails apparently coming from the Ministry Of Justice, or from Revenue and Customs.
The scam emails arrive with convincing looking Home Office letterhead graphics and style, and an "RSA Protected Block" which looks like encrypted data in a secure email. Underneath this it reads, "Protected Document: This file is protected with RSA key. Please Enable Content to see this document". If you follow those instructions and open the attachments, a piece of ransomware called TorrentLocker will be downloaded which will scan your hard-drive, encrypt any Microsoft Office files (Word, Excel, Powerpoint), and demand you make a payment of around £330 in Bitcoin to get your files back.
The mail is phrased as if it concerns an upcoming court case, and another similarly-poisoned mail concerns HMRC tax returns. The same crew also appear to be sending out fake British Gas mails. The servers sending the mails and hosting the images are located in Russia and Turkey and variations on this theme are being sent to users in several European countries, but at present the UK seems to be a particular target for attacks, perhaps because it is the time of year when tax returns are completed.
We all need to be vigilant whenever receiving unsolicited mail, and ransomware reminds us how important it is to make sure we have backups of our data in secure off-site storage. If you do receive any phishing scams concerning income tax or passport applications, this Home Office page details who you should report it to.
www.gov.uk/report-suspicious-emails-websites-phishing
29th July 2015