Recently the UK’s National Crime Agency (NCA) announced that, working in conjunction with other international intelligence and crime fighting agencies across the world including the FBI, they have taken down a large cyber criminal gang. The operation has halted the spread of a computer malware (malicious software) known as Gameover Zeus that holds your personal files to ransom.
The NCA believe that their interception and disruption of the servers hosting this malware has given us a two-week window to protect ourselves against this threat before the criminal gang regroup and start spreading and infecting computers worldwide again.
What is Gameover Zeus?
The malware Gameover Zeus (also known as GOZeus and P2PZeus) is a malicious program designed to infect a user’s computer and intercept financial transactions that the computer’s user makes. It has the ability to adjust the destination accounts of these financial transactions, resulting in funds going into the accounts of the cyber criminals instead of the intended recipients. If it detects that an infected computer is not a viable target for intercepting financial transactions, it will install a powerful encryption program called CryptoLocker, which encrypts personal files on the PC such as pictures, documents, music and video files. It then displays a ransom message informing the victim that the key to decrypt and regain access to their files has been sent to the cyber criminals’ servers, and that they have a limited time period to pay a ransom to get the key back or else the key will be destroyed and there will be no way of ever retrieving their files again. It is not clear whether paying the ransom (usually amounting to hundreds of pounds) does actually allow the victim to decrypt their files again or whether it is just another way of extorting money from potential victims. Reports from around the internet are mixed, with some claiming they have got their files back and others saying that they paid the ransom and are still left with nothing.
What Can I Do To Protect Myself?
Victims of this attack are usually infected via an email attachment purporting to be either a .pdf or a .zip file, so be extra vigilant when checking emails and particularly when viewing attachments.
Make sure you have a good Internet Security system installed which is up to date.
Perform a full scan of your system to ensure that you are not already infected.
Run a check with an online scanning utility. Good ones include F-Secure Online Scanner, Microsoft Safety Scanner, and Trend Micro Threat Cleaner.
Finally, make sure you have got a backup of any important files, photos and documents on an external backup device such as a memory stick or external hard drive. Once your files are backed up, make sure the device is removed from your computer. If you are unfortunate enough to fall victim to this malware, your precious files would at least be safe from ransom.
What Happens After 2 Weeks?
The simple answer is nothing. The two-week time period is simply an estimate by security agencies as to how much time computer users have to prepare and protect themselves before new servers are set up by criminal gangs linked to or copying this method of extortion.
An old scam is currently doing the rounds again, specifically targeting the Sheffield and Dronfield postcodes.
The scam consists of someone calling you at home and stating that they are from Microsoft or an Authorised Representative of Microsoft. They continue by saying that they are aware that you have been experiencing problems with your computer and they want to help you fix them. They will then persuade you to go to your computer, log onto the Internet and allow them to remotely access your system. After showing you several screens listing numerous problems, faults, errors or bugs (all of which are false/non-existent on your computer), and having judged that they have won over your confidence, they will then continue with either a hard sell of support or repair services or, even worse, slip a real virus/keylogger onto your system to try to steal identity details, usernames/passwords, or bank/credit card details.
If you receive such a call, clearly state to the caller that you are aware that they are a scam and hang up. Hopefully indicating that you are aware of their scam will deter them from attempting to ring in the future.
If you believe you may have fallen victim to this particular scam, refrain from conducting any secure or financial transactions using your computer, such as online banking or shopping, and call your bank/building society immediately. Then give PC Care a call and let us check over your system to make sure it is safe to use online and that they have not been able to slip on any unwanted malware. We can remove any malware/keyloggers that may be present and make sure your system is safe and secure, giving you back peace of mind. Even if you have a good Internet Security system, it may not pick up on the malware they have placed on your system, as they have had direct access to your computer and could have disabled your security software or created an exception to prevent it seeing their bug as a threat.
Over the last few weeks PC Care has seen a sharp increase in the number of clients contacting us regarding infections on their computers. Most of these viruses appear to be fake security or system optimisation programs that are either trying to get the user to download infected programs/files or obtain money or credit/debit card information.
These attacks try to panic the user into believing there is a problem with their system by displaying pop-up messages, changing their desktop wallpaper, blocking access to certain features or functions of their system, or displaying some form of animation pretending to scan their system.
If you suspect one of these fake programs has got into your system, do not click on any of its buttons or links, not even the close button or red X at the top right of its window, as this can trigger the downloading of further malicious code. If you have a reputable antivirus program, try running a full computer scan to see if it will detect and remove the threat. If you are unsure about the security of your computer or how to scan for viruses, then give PC Care a call and we will happily offer any advice we can and safely remove any malware from your PC.