New virus threat – GameOver Zeus

In November 2013 we brought you a blog post about the CryptoLocker virus, which forms part of a new virus threatening computers worldwide, called GameOver Zeus. The intention of this virus is to harvest financial and banking details from infected machines and send that data back to the criminals via a botnet. The National Crime Agency in the UK and the FBI have warned against this “highly sophisticated” malicious software, which has already resulted in £60 million disappearing from victims’ bank accounts.

As a reminder, CryptoLocker is known to be spreading by the following three methods:

  • Attached to emails which pretend to be customer support related issues from FedEx, UPS, DHS, etc. When opened, the attachment will infect the computer.
  • Via exploit kits located on hacked web sites, which exploit security vulnerabilities on your computer to install the infection.
  • Through Trojans which pretend to be programs required to view online videos.

Once your data has been encrypted, a window will appear demanding a ransom in US dollars and displaying a number of methods of making payment. A countdown will also appear showing when the ransom must be paid. If the payment is not made before the countdown ends, the decryption tool is removed, rendering your encrypted data inaccessible. Reports suggest that even once the ransom payment is made, data is often not decrypted at all, or not in its entirety.

Update June 2014

The FBI and crime agencies from across the globe have temporarily disrupted one of the most aggressive computer viruses ever seen, but are warning victims they have two weeks to protect their computers before the hackers seize it back.

Digital police from across the globe have claimed success in disrupting the criminal operation behind the ransomware, known as Cryptolocker.

The UK’s National Crime Agency (NCA) has told British victims that they have a two-week window to protect themselves, after working with the FBI, Europol and other law enforcement bodies to temporarily seize control of the global network of infected computers.

Cryptolocker is now disabled, but the NCA said it was a race against time before the hackers circumvent their block on it.

(Source: Guardian 02/06/2014)

Tips to Prevent Infection

Members of the public can protect themselves by ensuring that they have security software installed and up to date, and run regular scans. Operating systems and applications should also be kept up to date, as viruses can also exploit unpatched flaws in these in order to gain “backdoor” entry into your machine.

Whilst we are doing all we can for our clients to reduce the threat of CryptoLocker, we are encouraging all clients not to open attachments from unknown sources or from emails that appear to be from a legitimate source but are suspicious. Instead we ask that this is reported to our helpdesk so we can investigate and take appropriate action.

  • Be wary of all unsolicited emails
  • Do not click on links or download attachments in emails if you are not 100% sure they are legitimate
  • Be suspicious of emails from well-known organisations such as banks, shipping and logistics companies, Companies House and airlines.
  • Be particularly wary of .zip files and Dropbox links in emails.
  • You should even be wary of emails from known contacts such as friends and family. If they have been infected, the virus can hijack their email account and use it to send out mass emails to their contact lists.
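The warning signs in the tips above (a sender posing as a courier or Companies House, a Dropbox link, a .zip attachment hiding an executable) can be checked automatically before a message reaches a user. The following is an added example written for this post, not code from our helpdesk or from any vendor: it builds a constructed sample message and runs a simple triage over it. The executable suffix list and the sample sender domain are assumptions.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Brand names come from the tips above; the executable suffixes are an
# assumption about what such lure archives typically carry, not a list from the post.
BRAND_PATTERN = re.compile(r"\b(fedex|ups|dhl|companies house)\b")
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".js")

def build_sample_eml() -> bytes:
    """Constructed sample (not a real capture): fake delivery notice with a zip hiding an .exe."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("Invoice_4821.pdf.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "FedEx Customer Support <support@fedex-tracking.example>"  # constructed
    msg.set_content("Your parcel could not be delivered. Download the label from "
                    "https://www.dropbox.com/s/constructed/label.zip "
                    "or open the attached invoice.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_4821.zip")
    return msg.as_bytes()

def triage_message(raw: bytes) -> list:
    """Return the warning signs found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = (msg["From"] or "").lower()
    if BRAND_PATTERN.search(sender):
        findings.append(f"sender claims to be a courier/registry brand: {msg['From']}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if "dropbox.com" in text:
        findings.append("body carries a Dropbox link")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            findings.append(f"zip attachment: {name}")
            try:  # look inside: a .pdf.exe double extension is the classic lure
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    hidden = [m for m in zf.namelist() if m.lower().endswith(EXECUTABLE_SUFFIXES)]
            except zipfile.BadZipFile:
                hidden = ["<unreadable archive>"]
            findings.extend(f"executable inside {name}: {m}" for m in hidden)
        elif name.endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"executable attachment: {name}")
    return findings
```

Running `triage_message(build_sample_eml())` on the constructed message returns four findings; a message with none of these traits returns an empty list, so the function can sit in front of a mail queue or be run over a mailbox export.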

Learn more about GOZeus and Cryptolocker.