Only two weeks to beat a huge cyber attack

[Acorn Newsbot]

It has been reported that between 500,000 and 1 million computers worldwide have been infected with software that can steal users’ bank details and files, and then hold them to ransom.
*
British investigators along with the FBI have been working to discover the hackers behind this cyber-attack and the have managed to temporarily disrupt the botnet system being used. However, the UK’s National Crime Agency warns that the system could be working again in just two weeks’ time.
*
As a result, the NCA is urging people to take advantage of this two-week window to protect themselves against the two pieces of malware involved in this attack – GOZeuS and CryptoLocker.
*
Both tend to infect computers through email attachments or links. The NCA warned that these emails “may look like they have been sent by genuine contacts and may purport to carry invoices, voicemail messages, or any file made to look innocuous".*
*
If GOZeuS (also known as P2PZeuS) is downloaded, it monitors all computer activity and looks to capture personal information, such as bank details. If this malware alone is unprofitable, then CryptoLocker is activated. This will lock a user out of their files and threaten to permanently delete them unless a payment is paid – usually of several hundred pounds. It will provide a countdown timer when doing so, pressuring the victim further.
*
In the first two months of these attacks, around 234,000 machines were affected, bringing the hackers an estimated $27million or £16million (according to the US Justice Department).
*
In the UK, over 15,500 computers are currently afflicted and many more are likely to be at risk.*
*
However, the current two-week window provides people with a valuable opportunity to protect their files and personal information. Firstly, people are advised to ensure that they have antivirus software installed and that it has been updated. You should run scans and check that your computer’s operating system and all apps are up-to-date as well. You should also make sure that all of your files, photographs and videos have been backed up and saved elsewhere – such as on a separate hard drive or memory stick.*
*
It is not just individuals who are at risk – businesses should also take note of this cyber security threat. Any computer can be infected, and private business information can be incredibly valuable. Ensure that all internet enabled devices, both personal and company owned, have up-to-date operating systems and security software. You should also encourage all employees to be particularly vigilant with their emails and refrain from opening anything suspicious, particularly in unsolicited emails.*
*
For more information on cyber-security and how to keep your computer safe, please visit Knowthenet’s Online Safety page.





More...

 

[Skinner]

I think Cryptolocker is prob the worst thing to happen to many, especially since it can raid your connected network drives, usb everything. Its one of the reasons I keep my NAS backup drives switched off.

Everyone should take this op to backup to a disconnected USB drive regularly

 

[ian]

I've seen this mentions a few times, but really don't get it. Are they saying that if anyone has downloaded or opened an attachment containing this virus, they have to react as it is a silent operator ready to launch? If that is the case, how will anti-virus software find it and why would checks now matter versus before?!?!

 

[diablo]

I've seen this mentions a few times, but really don't get it. Are they saying that if anyone has downloaded or opened an attachment containing this virus, they have to react as it is a silent operator ready to launch? If that is the case, how will anti-virus software find it and why would checks now matter versus before?!?!

Not everyone was checking before and software exists that will find and remove it.

 

[scooter]

Run this. (free)
It will find and delete if you have been infected
http://www.f-secure.com/en/web/home_gb/online-scanner

I think there was an estimate of approx 15,000 infected in the UK




.

 

[RobM]

Does this apply to macs?

 

[ian]

Run this. (free)
It will find and delete if you have been infected
http://www.f-secure.com/en/web/home_gb/online-scanner

I think there was an estimate of approx 15,000 infected in the UK




.

Safe to use this? Never heard of them.

 

[Darren]

Does this apply to macs?

Windows only.

 

[AssetDomains]

Safe to use this? Never heard of them.

Yes there legit

List of companies that offer free tools from the government website

Scan for and remove Gameover Zeus malware and CryptoLocker software
Free tools have been specially developed and made available to you by a number of internet security software companies. You can use any of these tools regardless of the make of internet security software you normally use.
Symantec
http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network
F-Secure
F-Secure Online scanner (Windows Vista, 7 and 8)
http://www.f-secure.com/en/web/home_global/online-scanner
F-Secure Rescue CD (Windows XP systems)
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142
Kaspersky
http://support.kaspersky.com/viruses/utility#kasperskyvirusremovaltool (if you think your computer is infected with malware)
http://support.kaspersky.com/8005 (WindowsUnlocker utility for if your computer is infected with CryptoLocker)
Sophos
http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
Heimdal Security
http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1.)
Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
McAfee
www.mcafee.com/stinger

Trend Micro
www.trendmicro.com/threatdetector
(Windows XP, Vista, Windows, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2).

 

[Darren]

I believe Malwarebytes is also able to detect Cryptolocker.

https://www.malwarebytes.org/

Imagine if this starts spreading through a 0day vulnerability.

 

[Skinner]

Not quite, there are reports of Mac's being infected.

I can't remember which forum I was reading about someone with a mac who's timecapsule or whatever its called was also taken.

A google search shows this at the top...

http://kmesystems.com/a-new-form-of-ransomware-targets-mac-computers-as-well-as-pcs/

Windows only.

 

[Darren]

I do not think the variants mentioned in the original post can infect Mac OS but VM running Windows.

 

[ian]

Thanks, ran a couple of those, in addition to a full check with Webroot and nothing found. I didn't expect there would be, I'm very careful and never open emails I'm unfamiliar with, or access sites I don't know. Scary stuff though.