2 weeks to prepare for 'powerful' virus strike-back in major malware offensive
The UK has warned its computer-users they have two weeks to protect their machines from two powerful viruses, GameOver Zeus and Cryptolocker, after a US-led multinational operation announced a coordinated takedown of malware.
There are more than 15,500 computers infected in the UK and many more are at risk, the UK’s National Crime Agency has said, citing “intelligence” assumptions.
It “could cost computer users millions of pounds,” the NCA warned.
The agency is now “urging the public and small businesses” to consult with the government-backed getsafeonline.org website.
“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them,” Deputy Director of the NCA’s Cyber Crime Unit Andy Archibald said.
However, computer users need to take action immediately, as authorities only have temporary control of communications.
"This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately. This is because the UK's NCA has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected," said UK-based Get Safe Online, a government-backed organization that has published a list of software it recommends for the task.
With the warning reaching the public, Get Safe’s website crashed under the number of requests to view its content.
The organization’s Chief Executive Tony Neate insisted that this was not due to a cyber-attack.
The NCA’s warning relates to a strain of malware known as Cryptolocker, which works together with another malware, Gameover Zeus (also known as GOZeus or P2PZeus).
GOZeus is usually downloaded by unsuspecting users in what is known as a phishing attack, often in the form of an email which looks legitimate, but which is in fact designed to trick someone into downloading malicious software.
Once inside someone’s machine, the malware then searches for files containing financial information. If it cannot find anything, it will install Cryptolocker, which locks the computer until a ransom fee is paid.
According to the US-led team of investigators, which include FBI, NCA, and Europol, Gameover Zeus virus estimate that between 500,000 and 1 million computers around the world. A quarter of victims are said to be the US, where computer-users have lost more than $100 million to Gameover Zeus.
Cryptolocker alone infected more than 234,000 machines and won $27 million in ransom payments in just its first two months, the Justice Department said.
In the biggest operation of its kind, servers all over the world were raided simultaneously by the NCA, FBI, Europol, and other authorities.
This meant police could direct what are known as Command and Control (C&C) servers, which hackers and criminals use to control the operation of the botnet. A botnet is a network of home computers often controlled by a criminal gang.
“The scale of this operation is unprecedented. This is the first time we’ve seen a coordinated international approach of this magnitude, demonstrating how seriously the FBI takes this current threat,” Steve Rawlinson from Tagadab, a web-hosting company involved in the bust, told the BBC.
The FBI accuses a Russian called Evgeny Bogachev, who they have identified a ringleader of the gang. Bogachev, 30, is now facing 14 criminal charges alleging that he is the “administrator” of GameOver Zeus. He is also accused of being a leader of the “tightly-knit gang” behind CyberLocker.