What you need to know about Cryptolocker and GOZeus

gozeus malware

Starting on May 30th a conglomerate of law enforcement agencies hailing from eleven different countries led by Europol and the FBI and with support from the private sector, have been working together to curb an online threat. Law enforcement, alongside Internet Service Providers and the Information Security industry, have been attempting to combat two specific malware groups - Cryptolocker and P2PZeuS (aka GameOverZeus).

Those malware groups however have been disrupted due to the efforts of law enforcement agencies. This isn’t to say the threat is negated however. Instead it marks a distinct shift in policing tactics and the number of countries working hand-in-hand shows just how seriously cyber crime is now considered.

Cryptolocker

This malware collective effectively holds your files hostage. An internet user will find those files inaccessible until they pay a ransom of one bitcoin, worth about $600 USD. This insidious threat is a pain and one that can be avoided – or at least that’s what the enforcement agencies believe.

P2PZeuS

This program is a sophisticated evolution of banking malware and it’s aimed at stealing financial information and other credentials that the criminal can then sell on in underground markets.

Both of the above malware programs have a distinct potential to cause havoc and readers that are interested can discover more here.

What’s being done?

The law enforcement agencies have a singular goal – to prevent infected computers from communicating with one another. This significantly has weakened the malware collective’s infrastructure in what’s an effective, but not definitive blow. This is effectively a stopgap and readers should understand that the malicious networks are likely to return to their former strength within weeks, if not days.

What’s interesting is the fact that so many law enforcement agencies have worked together to distil internet security. It marks a new era in collaboration and partnership that crosses borders and is unified by a common online goal – to make the internet safer. The global (and far reaching) ‘posse’ has coordinated attacks to disrupt or take over elements of the Command and Control infrastructure used to spread these malicious malware families. However the ‘internet police force’ cannot do all of this alone and every individual and computer has a role to play.

Check your systems

It’s worth checking your own system to ensure that you’re not already a victim. You can use this free tool to scan your computer for any threats and remove them if found. Readers can download the 32-bit systems or the 64-bit systems – whichever suits. The links are in the article linked.

Remember that we’ve all got a brief window of opportunity whilst the malware infrastructure is weakened. We’re all potential victims so you must make use of this momentary respite. Here’s a checklist of what you need to do:

1.     Use the clean up tools mentioned above

2.     Ensure that your OS is fully up to date – patches included

3.     Run effective (and up to date) security software

4.     Tell others and spread the word – explain the risks

All of the above are good practices anyway, so even if you find that your machine is not infected you’re also ensuring that you’ve got better protection from future malware threats.

National Crime Agency issues warning

The UK National Crime Agency (NCA) has released a specific warning advising Britons to prepare for a cyber attack storm in about two weeks time. The reason for this warning was that only the Botnet has been disrupted meaning that communication channels were broken. This even affected Evgeniy Bogachev – one of the minds behind GOZeuS.

Although significant disruptions have been managed online, there’ve been no arrests in the real world. It’s believed that the hackers will attempt to regroup and re-establish communication links with each other. They’ll also want to infect new systems to recreate the disrupted botnet.

Security companies are working with ISPs to identify any users that may be affected. If that’s you you’ll receive an email from your ISP stating that your system is infected and you’ll need to take appropriate action to eliminate the trojan.

Only Windows affected

If you’re running a Windows machine you run the risk of being targeted. Mac users and Linux users can relax as GOZeuS and Cryptolocker will affect Windows systems only.

Make sure that you check to see if you’re system is infected – don’t just wait for an email from your ISP. Being proactive at this point is perhaps your best defence. Use the links mentioned above or head over to GetSafeOnline (a government backed initiative) and download the tools you need to make sure your system is secure.

Just one quick thought – GetSafeOnline may be behaving erratically. This is due to the amount of traffic headed its way and the volume of downloads requested.

There’s a real danger here then and it’s worth taking it seriously. Change the password on your systems and any other passwords that you can really. It’s not worth taking the risk – but scan for malware first.

Update your system and backup your data as soon as you can and watch out for deceptive emails. Use caution and discretion when opening emails from unfamiliar sources and never click on links or open attachments that you’re not sure of.

Caution should be your watchword here. Use the information above to make sure that you’re not infected and keep a close eye out for any Cryptolocker/GOZeuS related problems – good luck.