The Cryptolocker ransom Trojan has probably affected tens of thousands of UK Internet users with many victims choosing to pay the fraudsters, the first independent study of the issue by researchers at the University of Kent has found.
Estimates of the number of victims of Cryptolocker anywhere in the world are few and far between, and UK figures have so far been guesstimates based on anecdotal evidence.
Now for the first time, researchers Eerke Boiten and Julio Hernandez-Castro at the University's Interdisciplinary Research Centre for Cyber Security have given us something to go on and it makes unsettling reading.
The team’s latest cybersecurity survey of 1,502 individuals in the UK conducted during January 2014 found that 9.7 percent had been a victim of ransomware, with 3.4 percent specifying Cryptolocker. Of this group, 41 percent paid up.
Another 1.9 percent paid ransoms for malware other than Cryptolocker (for example the older IcePol and Reveton police Trojans that use bogus threats rather than encryption to extort money).
The prevalence of Trojans making ransom demands is probably to be expected, particularly the well-established police scams that have been around for years. Cryptolocker, by contrast, has managed to affect a few percent of this study group despite only appearing in September 2013.
The researchers urge caution but if the sample is representative it suggests that the malware had probably affected at least tens of thousands of UK-based users in a matter of months. Of these, some thousands have probably paid the ransom demanded, typically around $200-$300.
The infection percentages are in line with those estimated by other sources such as Symantec and Dell SecureWorks. The latter’s sinkhole data reckoned that Cryptolocker had infected perhaps a quarter of a million PCs worldwide between September and December, 1,700 of which were definitely in the UK.
However, the University of Kent data suggests that far more victims are paying up than estimated by Dell SecureWorks, which put the conversion rate at 0.4 percent and up, while Symantec’s figure was a bit higher at 3 percent. Using a much smaller sample size, Kent’s number is four in ten of those infected.
“If the results reported on the rate of CryptoLocker victims who pay a ransom are to be confirmed by further research, these figures would be extremely troubling, netting criminals behind the ransomware hundreds of millions,” researcher Julio Hernandez-Castro told Techworld.
“This would encourage them to continue with this form of cybercrime, and also potentially prompting other criminal gangs to jump into this extremely profitable cybercrime market.”
According to Hernandez-Castro, further research had revealed that only around half of the victims electing to pay the ransom received an unlock key. The moral of the story: handing over hundreds of dollars is a gamble.
“Paying the ransom seems to be no guarantee of getting your files back.”
Although numbers remain patchy, anecdotes about Cryptolocker’s malevolent effect have become so numerous in recent months they almost form a horror genre within some tech news websites.
Incidents have ranged from a small US legal firm that had its entire document cache encrypted by the malware to a US police department that decided to pay the ransom in an attempt to retrieve important files.
The University of Kent’s survey also found that 11.9 percent had experienced malware infection in 2013, 7.3 percent phishing, 6.2 percent online account attacks, and 3.9 percent online bank attacks. Very few reported these incidents, whether involving losses or not, to official services such as Action Fraud, with a measly 2.7 percent doing so. The overwhelming majority did nothing.
“From the small fraction of victims who have reported cybercrimes in the recommended way, through Action Fraud or the police, we can conclude that official records are significantly underestimating the extent of cybercrime in the UK,” said Interdisciplinary Research Centre for Cyber Security director, Dr Eerke Boiten.