British officials issued an unusually stark alert about a cyberscam that locks users out of their computers unless they pay a ransom, saying Friday that tens of millions of people may soon be targeted.
In a warning headlined "URGENT ALERT," Britain's National Crime Agency said they were aware of a "mass email spamming event that is ongoing" and urged computer users to beware of messages purporting to come from their bank.
Tony Neate, the chief executive of British Internet safety group GetSafeOnline, said it was noteworthy that the agency — often described as Britain's equivalent of the FBI — had sent out such a strongly worded alert about a cyberscam.
"They're only going to do it if they think it is serious," he said in a telephone interview.
The scam targeting Britons works by tricking people into downloading CryptoLocker, a new brand of malicious software that encrypts a user's hard drive, effectively putting their photos, documents, and other data under lock and key.
A 72-hour countdown clock appears on the screen warning that the files will be lost irrevocably unless a ransom is paid, either through Bitcoin — a tough-to-trace cybercurrency — or MoneyPak cash cards. Ransoms tend to be $100 or $300, according to BleepingComputer, a security website that has closely tracked CryptoLocker's spread.
Users who've paid the ransom have reported that their files are decrypted within a few hours, but Britain's crime agency warned that it did not endorse the payment of ransoms to criminals and warned that "there is no guarantee that they would honor the payments in any event."