Ransomware emails claim to come from Department of Homeland Security

April 4, 2013

Those who frequently check their email need to always be wary of phishing scams, as they can take on any form. In a recent incident, scammers sent out emails claiming to be from the Department of Homeland Security and demanded money to reinstate the use of the user’s computer. Homeland Security's U.S. Computer Emergency Readiness Team, otherwise known as US-CERT, published an alert on its website letting people know of the ransomware attack.

"Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay a fine to unblock it," according to the warning, adding that the ransomware claimed to be from US-CERT and the National Cyber Security Division.

Ransomware encrypts files before demanding payment to unlock them. The US-CERT alert advised users to use caution if they get a questionable email and said not to click the message or submit any information to the website.

Ransomware has been in heavy use under the guise of scammers who want users to believe they are from legitimate organizations, such as the United States Department of Justice or Federal Bureau of Investigation. One unique characteristic of these attacks is that once a user is infected with the malware, it will sometimes browse the user's internet history and use the information to call out potentially illegal activity, such as music downloads. The malware may also list the device's actual IP address, which can scare the user into paying money.

Scams of this variety also claim to be from the police, a trend of that is likely to become more prominent in 2013. Everyone should be aware of this variety of phishing and ensure email security solutions are implemented to detect the false emails and malware.

Move easily from Postini and Google Apps to McAfee

Learn More