Ransomware Targets Millions in U.K.

Experts Warn of Worldwide Surge in Attacks

A ransomware campaign is targeting tens of millions of banking customers, both consumers and businesses, in the United Kingdom, according to an alert from the Cyber Crime Unit of England's National Crime Agency.

The phishing e-mails, which purport to be from banking institutions, contain malicious attachments that automatically download the ransomware known as Cryptolocker.

Ransomware is a type of malware that hijacks a user's computer by taking control of its monitor or screen, locking the system and then displaying a ransom message. Typically, these messages appear to be from law enforcement agencies or some other trusted source, such as, in this case, a banking institution (see Trojans Tied to New Ransomware Attacks).

To fool consumers, ransomware attacks typically include a message that claims the targeted user owes back taxes or some type of payment to the bank. Unless a fee or penalty is paid, the computer will remain locked, the ransomware often claims.

Experts say these types of ransomware attacks are on the rise worldwide, and, as with any malicious attack, banking institutions have to be diligent about informing customers of the risk. Still, even the best educational campaigns typically can't prevent all unsuspecting users from falling for these schemes.

The Cryptolocker Attack

The Cryptolocker attack displays a splash screen with a countdown timer and a demand for 2 Bitcoins in ransom, totaling approximately £536 [U.S. $863], to receive the decryption code to unlock the system, according to the National Crime Agency. The agency's announcement does not go into detail about the attack, but experts say other Cryptolocker-based schemes have featured effective, authentic-sounding messages.

Researchers at security firm TrendMicro earlier this month blogged about the emergence of Cryptolocker.

"The past few weeks have seen the ransomware CryptoLocker emerge as a significant threat for many users," writes Maria Manly, an anti-spam research engineer at TrendMicro. "Our monitoring of this threat has revealed details on how it spreads, specifically its connection to spam and Zeus [a banking Trojan]."

Daniel Cohen, a researcher in the online threats managed services department at security firm RSA, says the use of Cryptolocker and other types of ransomware has surged this year. "Ransomware made a big return during 2013 globally," he says, in spite of being a relatively old type of malware.

Banking institutions in the U.K. have made considerable investments in anti-malware technologies and solutions, says Avivah Litan, a financial fraud expert and analyst for the consultancy Gartner. But they can't keep up with the fraudsters' emerging schemes, she says.

As a result, about 20 percent of the emerging malware attacks institutions face worldwide will succeed, she predicts.

But banking institutions struggle to help protect endpoints, such as consumers' computers, that they don't control, she adds.

Banking institutions in the U.K. take steps to educate customers, Litan says, "and they have also set up a highly effective threat information sharing group between the private sector [mainly banks] and government agencies." That kind of public-private information sharing has helped law enforcement in the U.K. shut down servers linked to ransomware e-mails, Litan says.

Andrew Yeomans of The Open Group Jericho Forum, an independent international group of information security thought-leaders, says most banking institutions are probably already aware of Cryptolocker, but there is little they can do to prevent their customers' computers from being infected.

"The current Cryptolocker malware doesn't affect bank accounts; it just encrypts the user's local data, so the banks won't see anything," he says. "Common antivirus products block this malware anyway."