The latest ransomware scheme knows where you live, demands over $500

A phishing email that publishes your physical address has been doing the rounds this week, and has been used to deliver a nasty form of ransomware.

BBC News first reported on Wednesday that thousands of people have received the email. A radio reporter from BBC Radio 4 got one of these emails and points out that it was “exact” with his postal address.

“When I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address,” said the reporter.

As for the content of the email, it was classic fare, as the message told the recipient he or she owed some company or charity £800. But the emails may be more dangerous than the usual phishing scam.

US security firm Blue Coat contacted the reporters to warn them that the emails contain a version of ransomware called Maktub that rapidly encrypts your system’s files and holds them hostage. Maktub is also unique in that it increases the ransom demand the longer your take to pay it. On the first day it demands about $580 worth of Bitcoin. By day three, that jumps to $790.

The most puzzling aspect of this newest ransomware delivery method is how exactly the fraudsters know the recipients’ postal addresses, which is a form of social engineering and helps in making the email look much more legitimate. It remains unclear for now, but the addresses have most likely been lifted from a stolen database as the result of a data breach somewhere.

The Maktub ransomware itself has been around for a few weeks. It was one of the various strains of the virus that has been infecting hospital servers and almost bringing care services to a standstill. It’s still unknown who the source of Maktub is but as The Register reports, it won’t infect systems using the Russian keyboard locale, which may hint at least to the nationality or location of the culprits, and we’ve already seen some evidence of hackers tailoring their viruses to only hit particular countries.