The ransomware that knows where you live.
A widely distributed scam email that quoted people's postal addresses links to a dangerous form of ransomware, according to a security researcher.

Andrew Brandt, of US firm Blue Coat discovered that the emails linked to ransomware called Maktub.

The malware encrypts victims' files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained.

One of the emails was received by You and Yours reporter Shari Vahl.

"It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive - it happens in seconds," said Mr Brandt.

"This is the desktop version of a smash and grab - they want a quick payoff."

Maktub doesn't just demand a ransom, it increases the fee - which is to be paid in bitcoins - as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately $580. This rises to 1.9 bitcoins, or $790, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One of the organisations named was the Koestler Trust, a charity which helps ex-offenders and prisoners produce artwork.

"We rely on generous members of the public and we were very distressed when we discovered that people felt they had received emails from us asking for money, when indeed they had not been generated by us at all," chief executive Sally Taylor told You and Yours.

Addresses included..

One remarkable feature of the scam emails was the fact that they included not just the victim's name, but also their postal address.

Many of those targeted have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it's still not clear how scammers were able to gather people's addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

In a statement, the firm said: "Ebay works aggressively to protect customer data and privacy, which is our highest priority.

"We are not aware of any link between this new phishing scam and eBay's data.

"We continually update our approach to customer data security in an effort to create the safest environment possible for our customers."

Fraud body 'inundated'

The UK's national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

"We have been inundated with this," said deputy head Steve Proffitt.

"At Action Fraud on Monday we received an additional 600 calls and from then onwards we've received 500 calls to our contact centre a day," he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

 Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was "significant" in more ways than one.

"It also appears to be quite widespread - I've heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out," he was quoted as saying.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

"However, every person that does that makes the business more valuable for the criminal and the world worse for everyone," he said.

Find out more about our featured Business of the Week - Eco Pool Saver.


HELP Euro Weekly News to HELP promote YOUR business.



T: 952 561 245

This email address is being protected from spambots. You need JavaScript enabled to view it.
EWN Gets it!
  This email address is being protected from spambots. You need JavaScript enabled to view it.


Do you get it? is the newest and brightest professional online business directory for any business based in Spain. Not only does this Spanish business directory attract clients to you, it is backed up by the power of the Euro Weekly News media group. 

EuroWeeklyNews, Spain´s biggest English newspaper, with six newspapers read by half a million people every week; together with the EuroWeeklyNews website packed full of Spanish news, point directly to this site, guaranteeing plenty of online interest for our clients.

We offer flexibility and can tailor listings to individual business needs. You may enter your business into several categories to increase your business opportunities.

We offer ongoing support ensuring you are always in control of the information in the listings for an annual fixed fee. Professional business listing service by EWN Group.

To make sure your business is listed into the best business directory Spain, and guarantee top search engine results, please contact us for more information.


TEL:+34 951 38 61 61


ADDRESS: Avenida Ramon y Cajal 54, Edificio River Playa, Local 2, 29640 Fuengirola, Malaga, Spain