The Jersey Fraud Prevention Forum (JFPF) has today issued an alert to local businesses and members of the public following reports in the last 24 hours from businesses who have been sent online extortion demands from scammers threatening a cyber attack.
The scammers have been sending emails to businesses demanding payment of between £300 and £500 in Bitcoin by a certain date and time.
If the demands are not met, the scammers have threatened to launch a cyber attack against the businesses and steal their data.
The emails also claim that once actions have started, they cannot be undone. Although these scammers are currently calling themselves ‘RepKiller’, it is common for fraudsters to continually change and adopt new tactics – email names can be made and changed easily – so people need to be alert, vigilant and exercise extreme caution.
What to do if you receive one of these emails?
Whether the attack is attempted or successful, you should report it to the States of Jersey Police on 612 612 or email firstname.lastname@example.org
- Do not pay the demand. There is no guarantee the scammers won’t launch an attack, and paying could encourage further extortion demands in the future.
- Retain all the original emails. Should law enforcement investigate, the information contained within the email headers can be used as evidence.
- Maintain a timeline of the attack, recording the time, type and content of every contact.
Notes to Editors:
What is ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to regain access to their systems, or to get their data back. Some ransomware encrypts files (such as Cryptolocker). Other ransomware uses Tor to hide command-and-control (C&C) communications (such as CTB Locker).
The ransom prices vary, ranging from £16 (US$24) to more than £425 (US$600), or the Bitcoin equivalent. It is important to note, however, that paying the ransom does not guarantee that users can eventually access the infected system.
Users may encounter this threat through a variety of means. Ransomware can be downloaded by unwitting users who visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as an attachment to spam email.
Once executed on the system, ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password. In the first scenario, the ransomware shows a full-screen image or notification, which prevents victims from using their system. The image or notification also shows instructions on how users can pay the ransom. The second type of ransomware locks files such as documents, spreadsheets and other important files.
How to protect your computer from ransomware?
- Make sure you have updated antivirus software on your computer
- Ensure that you have malware protection as well as anti-virus software on your computer. (Some anti-virus products have a malware checker embedded)
- Don’t open emails from addresses you don’t know
- Hover over links before you click on them; if you think the address is suspicious, don’t click
- Enable automated patches for your operating system and web browser
- Have strong passwords, and don’t use the same passwords for everything
- Use a pop-up blocker
- Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars)
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly
- Use the same precautions on your mobile phone as you would on your computer when using the Internet
- To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.