Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Cryptolocker hit more UK victims than previously realised, researchers find

Four in ten paid ransom, University of Kent survey discovers

Article comments

The Cryptolocker ransom Trojan has probably affected tens of thousands of UK Internet users with many victims choosing to pay the fraudsters, the first independent study of the issue by researchers at the University of Kent has found.

Estimates of the number of victims of Cryptolocker anywhere in the world are few and far between, and UK figures numbers have so far been guesstimates based on anecdotal evidence.

Now for the first time, researchers Eerke Boiten and Julio Hernandez-Castro at the University's Interdisciplinary Research Centre for Cyber Security have given us something to go on and it makes unsettling reading.

The team’s latest cybersecurity survey of 1,502 individuals in the UK conducted during January 2014 found that 9.7 percent had been a victim of ransomware, with 3.4 percent specifying Cryptolocker. Of this group, 41 percent paid up.

Another 1.9 percent paid ransoms for malware other than Cryptolocker (for example the older IcePol and Reveton police Trojans that use bogus threats rather than encryption to extort money).

The prevalence of Trojans making ransom demands is probably to be expected, particularly the well-established police scams that have been around for years. Cryptolocker, by contrast, has managed to affect a few percent of this study group despite only appearing in September 2013.

The researchers urge caution but if the sample is representative it suggests that the malware had probably affected at least tens of thousands of UK-based users in a matter of months. Of these, some thousands have probably paid the ransom demanded, typically around $200-$300.

The infection percentages are in line with those estimated by other sources such as Symantec and Dell SecureWorks. The latter’s sinkhole data reckoned that Cryptolocker had infected perhaps a quarter of a million PCs worldwide between September and December, 1,700 of which were definitely in the UK.

However, the University of Kent data suggests that far more victims are paying up than estimated by Dell SecureWorks which put the conversion rate at from 0.4 percent and up while Symantec’s figure was a bit higher at 3 percent. Using a much smaller sample size, Kent’s number is four in ten of those infected.

"If the results reported on the rate of CryptoLocker victims who pay a ransom are to be confirmed by further research, these figures would be extremely troubling, netting criminals behind the ransomware hundreds of millions,” researcher Julio Hernandez-Castro told Techworld.

“This would encourage them to continue with this form of cybercrime, and also potentially prompting other criminal gangs to jump into this extremely profitable cybercrime market."

According to Hernandez-Castro, further research had revealed that only around half of the victims electing to pay the ransom received an unlock key. The moral of the story: handing over hundreds of dollars is a gamble.

“Paying the ransom seems to be no guarantee of getting your files back.”

Although numbers remain patchy, anecdotes about Cryptolocker’s malevolent effect have become so numerous in recent months they almost form a horror genre within some tech news websites.

Incidents have included a US small legal firm that had its entire document cache encrypted by the malware to a US police department that decided to pay the ransom in an attempt to retrieve important files.

The University of Kent’s survey also found that 11.9 percent had experienced malware infection in 2013, 7.3 percent phishing, 6.2 percent online account attacks, and 3.9 percent online bank attacks. Very few reported these incidents, whether involving losses or not, to official services such as Action Fraud, with a measly 2.7 percent doing so. The overwhelming majority did nothing.

'From the small fraction of victims who have reported cybercrimes in the recommended way, through Action Fraud or the police, we can conclude that official records are significantly underestimating the extent of cybercrime in the UK,' said Interdisciplinary Research Centre for Cyber Security director, Dr Eerke Boiten.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *