The UK’s National Crime Agency has warned people have just two weeks to protect themselves against the Cryptolocker ransomware and a strain of the ZeuS password-slurping malware – before both return from the dead.
The alert comes after the cops "disrupted" the systems remotely controlling the software nasties – which could mean anything from knocking them offline to physically seizing machines. The cyber-plod isn't saying.
The NCA worked with the FBI, Europol and other agencies to knacker the command and control (C&C) servers that were managing a major network distributing the GameoverZeuS Trojan and the infamous Cryptolocker ransomware.
NCA operatives warned that it’s only a matter of time before the miscreants behind the botnet set up new C&C servers and regain control.
The agency said the standoff “will give the UK public a unique, two-week opportunity to rid and safeguard themselves” from both GameoverZeuS and Cryptolocker. However, Rik Ferguson, veep of security research at Trend Micro, said in a blog post that folks may not even have that long.
“The ultimate goal of the law enforcement activity is to prevent infected computers from communicating with one another, significantly weakening the criminal infrastructure. While this blow is effective, it is not permanent and we expect the malicious networks to return to their former strength within weeks, if not days,” he warned.
People are being advised to install or update security software and to check that operating systems and applications are up to date. Folks should also back up important data onto unconnected storage, while businesses need to check their incident response and resilience protocols.
More than 15,000 computers in Blighty alone have been hit by the ZeuS malware, a figure that includes those hit by the GameoverZeuS and P2PZeuS strains. According to the NCA, ZeuS is responsible for nicking hundreds of millions of pounds globally.
Once downloaded onto a machine, and decrypted, GameoverZeuS starts sniffing around for bank account passwords and other financially sensitive info. If it can’t find anything useful, some strains of the software will “call in” Cryptolocker, a form of ransomware that encrypts the victim's device and demands a ransom to have it decrypted. The going rate for the ransom is about one Bitcoin (£200 to £300) in the UK, according to the NCA.
Although ISPs have started advising their users about the threat, the NCA urged users to immediately sort out their security software.
“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them,” said Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit.
“Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it, and think twice before clicking on links or attachments in unsolicited emails.” ®