You cannot fail to have seen the news reports regarding GameOver Zeus and CryptoLocker threatening your computer and holding your computer's sensitive data to ransom. We explain the threat, how to avoid it, how to check for it and, if necessary, how to remove it.
What is it?
It is actually a two-part threat, referring to GameOver Zeus (GOZ) and CryptoLocker.
GOZ and CryptoLocker are both termed malware, which is a shortened form of the two words 'malicious software'. Malware's primary function is to disrupt the computer's normal operation, gather sensitive data or allow access to private computer systems.
GOZ uses a peer-to-peer (P2P) network to download its configuration file. If the peers no longer exist it uses what is called a domain generation algorithm (DGA) to connect to a randomly generated controller domain and obtain its configuration file from there. GOZ then proceeds to steal credentials used in online banking and any finance-related sites.
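A defender-side illustration of the DGA fallback described above, added here as an example and not part of the original article: a small heuristic that scans resolver log lines for a client producing a burst of NXDOMAIN answers for long, random-looking names, which is the DNS pattern a DGA leaves behind when the malware's peers are gone. The log lines are constructed, and the log format, length, entropy and burst thresholds are all assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log lines (not real data): "<epoch> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1400000001 10.0.0.5 www.example.com NOERROR
1400000002 10.0.0.5 mail.example.com NOERROR
1400000003 10.0.0.9 xkqzvbtyrlopwmf.com NXDOMAIN
1400000004 10.0.0.9 pqwolmzxnvbtyr.net NXDOMAIN
1400000005 10.0.0.9 zrtqwplmxcvbnqy.org NXDOMAIN
1400000006 10.0.0.9 lkjhgfdsapoiuytr.biz NXDOMAIN
1400000007 10.0.0.9 mnbvcxzlkjhgfdsa.info NXDOMAIN
1400000008 10.0.0.5 exmaple.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random labels score high, words score low."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(qname: str, min_len: int = 12, min_entropy: float = 3.3) -> bool:
    """Judge only the registrable label (the part just before the TLD)."""
    parts = qname.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def flag_dga_clients(log_text: str, window: int = 60, threshold: int = 5) -> dict:
    """Return {client: burst_size} for clients with `threshold` or more
    random-looking NXDOMAIN answers inside any `window`-second span."""
    hits = defaultdict(list)  # client -> timestamps of suspicious NXDOMAINs
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, qname, rcode = m.groups()
        if rcode == "NXDOMAIN" and looks_random(qname):
            hits[client].append(int(ts))
    flagged = {}
    for client, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[client] = end - start + 1
                break
    return flagged
```

Running `flag_dga_clients(SAMPLE_LOG)` flags only 10.0.0.9; the single typo-driven NXDOMAIN from 10.0.0.5 is ignored because its label is short and it never reaches the burst threshold.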
There are different types of malware, and CryptoLocker is termed ransomware. Ransomware infects the computer and in doing so restricts access for the genuine computer user, then demands payment for the removal of the restriction. In this instance CryptoLocker not only locks down the user's data contained on the computer's hard drive but also encrypts files on the user's computer. The tactic used here is to ensure that the victim pays the ransom to the cyber criminals, who then may or may not provide the key needed for the files to be decrypted.
How do I get infected?
The infection process starts when a spammed message is received with a malicious attachment. If the attachment is opened it downloads and executes a malicious .exe file. After connecting to randomly generated domains, a public key is used to encrypt various files on the victim's computer, usually of the type .doc, .docx, .xls and .pdf amongst others.
How do I know I am infected and my files have been encrypted?
Either the wallpaper will be changed to the following or a warning window similar to that below will be shown.
How could this affect me?
The malware may lead to financial loss, as the stolen online banking credentials may be used to initiate unauthorised transactions in the first part of the payload.
Those affected by this threat can find their documents inaccessible due to CryptoLocker's encryption, which may result in data loss as well as lost productivity if their system contains work-critical documents.
Protection is better than cure.
As the saying goes, prevention is better than cure, and nothing could be more true in this context.
How can I avoid this threat?
- Check your emails carefully.
- Avoid clicking on links within emails.
- Back up your data, particularly your sensitive data.
- Keep all your software up to date with the latest security patches.
- Use an anti-malware solution on your computer.
- Utilise any anti-malware scanning that your email provider offers; this can stop threats before they even reach your computer.
- Consider creating an account with limited permissions on your computer and use this for regular daily login rather than using your administrator account.
I haven't had any warnings. Does that mean I am safe?
No! The very nature of this threat means that the malware can be sitting on your computer ready to strike and has yet to release its payload.
Various anti-malware companies have provided specially created programs to test for the threat and remove it; here are a few links you might try below. Remember, if one of these programs finds the malware and removes it you should still ensure that you follow the prevention steps above AND review all your login credentials, particularly for financial institutions, as these may already have been compromised whilst the malware was active on your computer, even though it is now deleted.
I have received the warning telling me my files are encrypted, what can I do?
Unfortunately, once the threat has realised its full potential it is highly unlikely you will be able to recover the files encrypted on your computer unless you have them backed up elsewhere. This is why it is important that you back up your sensitive and important files on a regular basis.
Should I just pay the ransom?
No! If you are unfortunate enough to find your important files encrypted by the malware without any backup, you should think very carefully about handing over any funds to cyber criminals. Remember, you are dealing with unscrupulous individuals: payment carries no guarantee that the encryption key will be provided, and secondly payment funds the untold activities that cyber crime is used to subsidise.
Long story short....
- Follow the steps to keep yourself safe in the first place.
- Use one of the specially created programs to test whether you are under threat.
- Keep following step 1.