The UK’s National Crime Agency has issued a warning advising that the ‘Command and Control’ servers used by the cybercriminal gang behind the virus known as Gameover Zeus have been temporarily disabled. It suggests users have a short window to ensure their computers are clean and secure before the cybercriminals find a work-around and regain control – potentially unleashing a large-scale cyber-attack.
Normally spread as an innocent or official-looking link or email attachment, Gameover Zeus silently monitors data and intercepts communications with online banking sites in order to steal login details and passwords, all the while scanning your computer for credentials or financial information stored in unencrypted files.
Once it has gathered all available information, Gameover Zeus often installs Cryptolocker, a particularly nefarious piece of ransomware, as a parting gift. Cryptolocker uses unbreakable encryption on important files on your computer and demands a heavy ransom, leaving you to trust cybercriminals to restore your files. The only sure-fire solution is to have a backup disconnected from your network.
Even if you feel your PC is secure, we recommend taking the following actions, as attacks of this nature are usually so stealthily disguised as to be invisible to most PC users.
Here is some of the advice available at Get Safe Online, including:
- Update your operating system and third-party software. Ensure all the updates for Windows, Java, and Acrobat etc. are installed as this will address common weak spots.
- Make sure your internet security software is up-to-date and switched on at all times. The minimum requirement is a product proven by independent means to stop existing and new threats – see www.AV-Test.org for suitable vendors including the Free Panda Cloud Antivirus.
- Get a second internet security opinion. Make use of our free disinfector tool Panda Cloud Cleaner to run a further scan on your computer for Gameover Zeus and Cryptolocker software.
- Do not open attachments in emails unless you are 100% certain that they are authentic. An email seeming to come from someone you know may have actually been sent by malware from an infected computer. Be SO careful what you open.
- Never store passwords on your computer. Malware such as Gameover Zeus is designed to search your computer for unencrypted passwords and financial credentials. Simple steps can be taken to increase the strength of your passwords.
- Back up your files. This is always a sensible solution, but one that is often neglected or forgotten completely. Regularly backing up and checking files will mitigate not only the effects of malware such as Cryptolocker but also those of a hardware failure, so that should the worst happen, no sensitive or personal files are lost.
What is Panda Security doing to fight against it?
- Several different generic routines are pushed out every day.
- Blocking those spam campaigns that contain attachments which pretend to be customer support related issues from FedEx, UPS, DHS, etc.
- Blocking the URL domains used by this malware.
- We published several behavioral detections to block any ransomware that tries to cipher files, based on the actions that it carries out before ciphering.
Thanks to Neil Martin, Marketing Manager, Panda Security UK, for this piece.