URGENT: UK computers at risk of ransom attack

15th November 2013

If you receive an unexpected or unsolicited email from a bank or other financial institution (even if it is one you do business with), be extremely cautious about opening it.

For information and advice on spotting and dealing with spam and scam emails, click here
For information and advice on protecting yourself from ransomware, click here

The UK's National Crime Agency has been alerted about a possible mass email spamming event that is ongoing, where people are receiving emails purporting to be from financial institutions. It is thought that both the general public and small businesses are being targeted, with tens of millions of people affected. The Agency is calling this a "significant risk".

It is thought that the emails may be sent out to tens of millions of UK customers.

The emails carry an attachment that appears to be correspondence linked to the email message (for example, a voicemail, fax, details of a suspicious transaction or invoices for payment). This file is in fact malware that can install a piece of ransomware known as Cryptolocker, which encrypts your files on the infected machine and the local network it is attached to.

Once your computer is affected, it will display a screen with a count down timer and a demand a ransom payment of 2 Bitcoins (equivalent to approximately £536 at today's date) for the decryption key needed to unlock the computer. There is no guarantee that payment of the ransom would actually unlock the computer.

Lee Miles, Deputy Head of the National Cyber Crime Unit (NCCU) says "The NCA are actively pursuing organised crime groups committing this type of crime. We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public."

The NCCU is investigating the source of the email addresses used. Anyone who is infected with this malware should report it via


Do not to click on any such attachment.
– Ensure your internet security software and operating system are up to date.
– Back up your user files routinely and preserve them off the network. 
– If a networked computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean it.
– Various antivirus companies offer remedial software solutions (though they will not restore encrypted files).

Written by

In partnership with