News Column

PC users warned to update security or risk cyber-attack

June 3, 2014

Tom Brewster

The UK's National Crime Agency (NCA) has warned British internet users that they have a two-week window to protect themselves from one of the most aggressive computer viruses ever seen, after working with the FBI, Europol and other law enforcement bodies to temporarily seize control of the global network of infected computers.

The virus, called the Cryptolocker, is now disabled, but the NCA said it is a race against time before the hackers circumvent their block on it.

It follows one of the biggest ever international collaborations between the major crime agencies to prevent a virus of this magnitude.

The Cryptolocker software locked PC users out of their machines, encrypting all their files and demanding payment of one Bitcoin (currently worth around £300) for decryption.

The FBI estimates that the virus has already acquired $27m in ransom payments in just the first two months of its life, and that it has infected more than 234,000 machines.

A chief suspect from Russia has been identified, but is still at large, Troels Oerting, head of Europol's European Cyber Crime Centre (EC3) told the Guardian. He said other arrests related to the operation were "in progress".

The global effort to stop the spread of the Cryptolocker ransomware has focused on its delivery method, itself a dangerous form of malware - or virus - called Gameover Zeus (GOZeuS).

This linked the infected machines by peer-to-peer connections - in theory making it harder for the authorities to track and stop.

GOZeuS was designed to steal people's online banking login details, and its victims were usually infected when they clicked on attachments or links in emails that looked innocuous. However, it also dropped Cryptolocker on to their computers.

"Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals," said Andy Archibald, deputy director of the NCA's National Cyber Crime Unit.

"By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them," he said.

"Whether you find online security complicated or confusing, or simply haven't thought about keeping your personal or office computers safe for a while, now is the time to take action."

Affected users are being advised to update their operating system software and security software, and also to "think twice before clicking on links or attachments in unsolicited emails".

Behind the scenes, the law enforcement groups have been taking over points of control in GOZeuS's peer-to-peer network: an action known in the security world as "sinkholing".

By doing this, they have been able to cut off criminal control over the infected computers.

Oerting told the Guardian that the entire infrastructure of the GOZeuS operation had been sinkholed, meaning that the malware should "not reappear for . . . a considerable time".

Although arrests have not yet been made, Oerting believes the eventual impact will be "great".

"[It will not last] forever, but the infrastructure is gone and the criminals will have to build and distribute from scratch," he added.


Source: Guardian (UK)
