Three men have been arrested in connection with a ‘ransomware’ scam that used the Metropolitan Police Service’s logo to trick victims into paying a £100 ransom.
The malware infection would freeze the victims computer and display a splash screen. The screen claimed that the victim’s PC was being monitored by the police because they had committed online offecnes, and demand a £100 payment.
"The splash page features police logos usually including that of the Metropolitan Police Service (MPS) or the [Police Central e-Crime Unit] and purports to be an official notice from these organisations," the Met said in a statement today.
A man and a woman in their thirties from Stoke-on-Trent were arrested on 11 December "on suspicion of conspiracy to defraud, money laundering and possession of items for use in fraud". Another man was held on a fraud charge.
"The arrests shows we are determined to combat this type of crime. I remind all computer users that police do not use such a method to impose or enforce fines, so if you are confronted by such a page do not enter any of your details." said Detective Inspector Jason Tunn.
The news follows an apparent outbreak of ‘ransomware’ in Australia.
In September, the owner of TDC Refrigeration and Electrical in Alice Springs revealed that he had paid AUS$3,000 (£2,000) after his systems were hacked and his data remotely encrypted.
"I switched the computers on and noticed some weird screens," Jeremy Spoehr told ABC. "One of them said it was going to invade my computer with child pornography."
"The police haven’t been much help," Spoehr said. "Because it’s offshore hacking it’s really out of their jurisdiction, they’ve said there’s nothing they can do."
A month later, the owner of an unnamed business in Queensland told local newspaper the Warwick Daily News that she had paid a AUS$4,000 (£2,600) ransom for the return of her data.
"We don’t feel good helping an immoral crook, but when we recovered no support from the police we felt we had to go it alone. It was against their advice to pay and obviously we don’t relish it, but we made a financial decision in the interests of our business."
And in early December, a nearby medical centre said its data was being held to ransom, again for AUS$4,000. "At this point, most probably, their only option is to pay," said Nigel Phair, director of Australia’s Centre for Internet Safety.
The medical centre’s co-owner David Wood told ABC that he did not think it had fallen victim to ‘ransomware’ – malware that encrypts data and demands a ransom. "We’ve got all the antivirus stuff in place; there’s no sign of a virus. [Hackers] literally got in, hijacked the server and then ran their encryption software," he said.
However, the Queensland Police Service believes that ransomware is indeed behind the outbreak. "At this stage it appears that infected websites are responsible for the problem," detective superintendent Brian Hay said in a statement.
According to security firm Symantec, ransomware is "a growing menace". The first examples of ransomware were discovered in 2009, it said in a recent whitepaper, but it has since become widespread. One ‘family’ of ransomware was found to have infected over 68,000 PCs and is believed to have earned its operators $680,000 per month.
Symantec’s advice to victims of ransomware is "DO NOT PAY THE RANSOM". It suggests taking steps to remove the infection.
