A City of London cybercrime unit – the National Fraud Intelligence Bureau (NFIB) - has issued a warning for TorrentLocker ransomware disguised to look as if it's sent from UK institutions and corporations such as the Ministry of Justice, Home Office, and British Gas. TorrentLocker is malicious software that holds a computer for “ransom” until a certain amount of bitcoin is paid.

TorrentLocker is a clone of CryptoLocker, and as such works in a similar manner. Unsuspecting targets of TorrentLocker are usually sent an e-mail, and tricked into opening and installing an attachment. Once they have done that, the malware locks up the computer by encrypting all the files on it. It's only after the victim pays a set amount of bitcoin to a certain bitcoin address that the computer is unlocked.

Furthermore, this latest TorrentLocker malware has an additional feature as well. Instead of just attachments, the new e-mails also include links to a web page. If this link is followed, users are asked to fill in a CAPTCHA box with the code provided. And once this code is submitted, TorrentLocker will automatically download onto the targeted computer to – similarly - encrypt all files and demand a ransom.

In this latest series of attacks, victims are led to believe that the emails are originated from energy and home services provider British Gas, the Home Office ministerial department, or the Ministry of Justice. In the case of the British Gas emails, victims are told to open their latest “bill” or “statement.” The Ministry of Justice and Home Office emails contain information on an upcoming “court case.” Once TorrentLocker is installed, victims are required to pay £330 (US$514) in bitcoin.

British national fraud and cybercrime reporting center Action Fraud logo

In an initial response to inquiries by Cointelegraph, the British national fraud and cybercrime reporting center Action Fraud emphasized that authorities often won't have any way of returning paid bitcoins to to the victims.

An Action Fraud spokesperson said:

“[If a victim of the TorrentLocker reports to the police,] the NFIB will assess the report to determine if any viable leads for investigation can be referred [...] At every stage Action Fraud nor the police can never guarantee that any victim will ever get any money back which has been paid.”

The NFIB advices readers not to open attachments from unsolicited emails and to definitely not click on the link supplied. Additionally, NFIB suggests to update anti-virus software regularly, and to back up all important files to store them off the computer's network. Victims of TorrentLocker are advised to disconnect their computer from its network and contact NFIB.

It is as of yet unknown how many people have fallen victim to TorrentLocker. A 2014 report, however, indicates that more than 98% of victims refuse to pay the ransom.

Cointelegraph reached out to the NFIB, but received no response at time of publication.