Recently the UK’s National Crime Agency (NCA) announced that they have taken down a large cyber criminal gang working in conjunction with other international intelligence and crime fighting agencys across the world including the FBI. It has halted the spread of a computer malware (malicious software) known as Gameover Zeus that holds your personal files to ransom.
The NCA believe that their interception and disruption to the servers hosting this malware has given us a two week window to protect ourselves against this threat before the criminal gang regroup and start spreading and infecting computers worldwide again.
What is Gameover Zeus?
The malware Gameover Zeus (also known by GOZeus, and P2PZeus) is a malicious program designed to infect a users computer and intercept financial transactions that computers user makes. It has the ability to adjust the destination accounts of these financial transactions resulting in funds going into the accounts of the cyber criminals instead of the intended recipients. It can also detect that if an infected computer is not a viable target for intercepting financial transactions then it will install a powerful encryption program called CryptoLocker which encrypts personal files on the pc such as Pictures, Documents, Music and Video files. It then displays a ransom message informing the victim that the key to decrypt and regain access to their files has been sent to the cyber criminals servers and they have a limited time period to pay a ransom to get the key back or else the key will be destroyed and there will be no way of ever retrieving their files again. It is not clear if paying the ransom (usually amounting to 100’s of £’s) does actually allow the victim to decrypt their files again or whether it is just another way of extorting money from potential victims. Reports from around the internet are mixed, with some claiming they have got their files back and others saying that they paid the ransom and are still left with nothing.
What Can I Do To Protect Myself?
Victims of this attack are usually infected via an attachment to an email either reporting to be a .pdf or a .zip file so be extra vigilant when checking emails and particularly viewing attachments.
Make sure you have a good Internet Security system installed which is up to date.
Perform a full scan of your system to ensure that you are not already infected.
Run a check with an online scanning utility, good ones include:
F-Secure Online Scanner, Microsoft Safety Scanner, and Trend Micro Threat Cleaner.
Finally make sure you have got a backup of any important files, photos and documents on an external backup device such as a memory stick or external hard drive. Once your files are backed up make sure the device is removed from your computer. If you are unfortunate enough to fall victim to this malware your precious files would at least be safe from ransom.
What Happens After 2 Weeks?
The simple answer is nothing, the two week time period is simply an estimate by security agency’s as to how much time computer users have to prepare and protect themselves before new servers are set up by criminal gangs linked to or copying this method of extortion.