New warning about scam emails containing ransomware

July 13th 2015

A new warning has been issued to individuals and businesses about emails being sent by cyber criminals claiming to be from British Gas, Ministry of Justice and Home Office that contain TorrentLocker ransomware.

For information and advice on the dangers of ransomware, click here.

TorrentLocker belongs to the crypto-ransomware family and is designed to encrypt all the files on a machine and any server it is attached to.

In order to retrieve the files a ransom demand is made and is usually requested to be paid in Bitcoin. One victim who reported to Action Fraud said after their computer was infected with the ransomware it demanded the equivalent of £330 in Bitcoin.

The National Fraud Intelligence Bureau (NFIB) – which has issued the warning – has identified two main methods currently being used by cyber criminals to trick victims to downloading the virus:

1. The British Gas emails contain an attachment or a link for victims to click to view their latest “bill” or “statement”.

2. The Ministry of Justice/Home Office emails also contain a link or an attachment which contains information on an upcoming “court case”. 

In a new twist, if you follow the link instead of downloading the attachment you are asked to fill in a CAPTCHA box with the code provided. Once the code is submitted, TorrentLocker will download on to your machine and will immediately encrypt all your files and demand a ransom.

How to protect yourself

– Do not open attachments from unsolicited emails regardless of who they are from. 

– Do not click on the link supplied. Instead, go to the relevant website and log in from there. Remember that fraudsters can “spoof” an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of any such attachment or link.

– Update your Anti-Virus software and operating systems regularly. 

– Back up all your important files and store them off your network. Please remember that if a device is attached to the infected machine the files on this could also be encrypted by the virus so ensure they are kept on a separate device or cloud storage to ensure they are not lost.

– Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.

– Various antivirus companies offer remedial software solutions (although they will not be able to restore encrypted files).

– If you are a victim, report it to Action Fraud.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use their online fraud reporting tool.

Information and photo courtesy of Action Fraud.


By Get Safe Online

Written by

In partnership with