You may be aware of reports in the press recently of virus attacks known as Gameover Zeus and Cryptolocker. We’ve been inundated with enquiries on this, so we wanted to help you understand it better.
What are Gameover Zeus and Cryptolocker?
Gameover Zeus is a form of malware that uses “spear-fishing” or fake emails to infect target computers with a virus. Once infected, hackers are able to hijack computer sessions and steal confidential and personal financial information. When Gameover Zeus cannot locate any financial information on a computer, some strains of the malware will install Cryptolocker – a “ransomware” program that locks a user’s machine & can encrypt your data until a fee is paid. We have seen Cryptolocker many times & the data encryption it employs is irreversible. Without a backup, your data is lost.
What should I do?
The UK-based GetSafeOnline, a government-backed organisation has published a list of recommendations for users to secure their computers. “This warning is not intended to cause you panic,” the organisation said on its website, “but we cannot over-stress the importance of taking these steps immediately”.
Security tips from GetSafeOnline
- Install security software from GetSafeOnline’s Facebook and Google+ profiles. The free tools will scan your computer to see if you are infected with Gameover Zeus and CryptoLocker, and remove them if necessary.
- Never open attachments unless you are totally confident they are authentic.
- Keep your internet security software up to date.
- Update your Windows operating system with all new Microsoft updates (if running Windows XP, you should be considering replacing your system as security updates from Microsoft ended 4Th April 2014).
- Back up your personal files regularly, including photos, documents, music, contacts and notes. This is *really* important.
Could I already be infected with Gameover Zeus and Cryptolocker?
Yes. Recent intelligence has suggested that more than 15,500 computers in the UK are currently infected (May 2015), with many more potentially at risk.
By disrupting the system used by the infected computers to communicate with each other, and the criminals controlling them, the activity by the NCA and its global law enforcement partners aims to significantly reduce the malware’s effectiveness.
We urge you to protect yourself by making sure internet security software is installed and updated, by running scans and checking that your computer operating systems and software programs are up to date. You should also back up all important information such as files, photos and video in case your PC is locked by CryptoLocker, which encrypts all your files and renders your machine unusable until you pay a ransom – often hundreds of pounds. Businesses should also test their incident responses and business resilience protocols and work with their IT departments or suppliers to educate employees on the potential threat.
Your internet service provider may have sent you a letter or email warning you about this threat. They will know that your computer is infected because the NCA – working with other law enforcement bodies around the world – has taken over thousands of the criminal servers and examined the records. You must follow the advice on this page straight away. Even then, if your computer has been locked down by CryptoLocker, it is too late.
Remember that making sure that updating your operating system and software are good habits to get into so you should be doing this on a regular basis.
Important warning about emails
Cyber criminals will also exploit this situation by sending out further phishing emails claiming to be from your ISP or a law enforcement agency, urging you to click on a link or open an attachment for the remedy. You could also receive a similar email which appears to have been sent by a friend, family member or colleague, but which has actually been sent automatically by a computer infected with the malware and ransomware. Read advice on spam and scam emails at www.getsafeonline.org/protecting-your-computer/spam-and-scam-email
Scan for and remove Gameover Zeus and CryptoLocker malware
Free tools have been specially developed and made available to you by a number of internet security software companies. You can use any of these tools regardless of the make of internet security software you normally use. A list of detection/removal tools can be found on theGetSafeOnline website, but our recommendation is to use MalwareBytes Free malware removal tool to detect and remove the virus if you have it. Our recommended method of preventing infection in the first place is to buy MalwareBytes Premium or Bitdefender, both of which offer excellent protection against viruses.
Report a loss
If you think you have lost money through malware such as Gameover Zeus and CryptoLocker, you should report it to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.