As you have probably read in the media recently, computer users are being urged to protect their machines from viruses and malware “within the next two weeks”, to protect against data being lost or stolen. This is naturally very concerning, and we have received a number of enquiries from customers asking for more details, so here is what you need to know….
The first thing to point out is that the two viruses in question are GOZeus and Cryptolocker, neither of which are new, they have been around for some time and we first saw infections in relation to these going back to last Autumn. The reason for concern now is that the network of computers (known as a Botnet) controlled by the criminals behind the viruses have been shut down temporarily by various law enforcement agencies. However, shutting down a Botnet is difficult and expensive, and it is likely that criminals will be able to re-establish their network within the next two weeks, essentially reactivating the virus.
So what are GOZeus and Cryptolocker?
GOZeus is a type of malware that infects your computer and provides a back door for criminals into your computer, it is primarily used to identify and steal financial information. Cryptolocker is a type of ransomware which works in conjunction with GOZeus. Cryptolocker is particularly concerning as it silently encrypts any documents, pictures, music etc on your PC and any other PC (or Server) on the same wired or wireless network it is able to access. Once the files are encrypted, they are inaccessible and a pop up will then be displayed on screen demanding payment in order to make the files accessible again. In most cases, even after payment the files remain encrypted, rendering them useless and 100% unrecoverable.
Example Cyrptolocker ransom message (click to enlarge)
How to stay safe?
- The best way to stay safe is always remain vigilant. GOZeus and Cryptolocker typically spread via an email with an attachment (usually a compressed zip file) or via a link in an email. You should NEVER open an attachment in an email, or click a link in an email if you do not recognise the sender, or the content of the email. Remember, criminals will often go to great efforts to make their emails look genuine, or that they have come from a genuine source (HMRC or your bank for example) so you really do have to be careful. As an additional security measure, we have restricted the ability to receive ZIP file attachments via email for some of our customers. ZIP files are not usually exchanged in a normal business environment, so the benefits of filtering out any emails with ZIP file attachments far outweighs the occasional inconvenience this may cause. If you would like us to implement this, then please email email@example.com
- Always ensure you have adequate virus protection, and that it is up to date. Be sure to run a full virus scan periodically, and remove any infections identified.
- Ensure that any updates for your Operating System have also been installed. On a Windows PC this can be done via “Windows Update” in the Control Panel.
- Always make sure you have a recent backup, and that it is working. Particularly with the Cryptolocker virus, should your PC become infected and your files become encrypted, a good backup will quickly resolve the problem by allowing you to restore a good copy of your data. Always make sure that you keep your backups separate from your computer, and ideally “off site” to prevent against fire, theft and virus infection.
All of our customers with active Support Agreements or Cloud services will already have the appropriate level of protection and systems monitoring in place, however you should continue to remain vigilant. If you have any concerns or do not have an active Support Agreement in place then please contact firstname.lastname@example.org