NCA Alert: Two-week opportunity for UK to reduce threat from powerful computer attack
The National Crime Agency (NCA) is urging members of the public to protect themselves against powerful malicious software (malware), which may be costing UK computer users millions of pounds.
Action taken by the NCA to combat the threat will give the UK public a unique, two-week opportunity to rid themselves of, and safeguard themselves against, two distinct but associated forms of malware known as GOZeuS and CryptoLocker.
With demand high for information, CERT-UK is providing an additional route to view the NCA’s recommended action. See below:
Users are recommended to take the following actions to address GOZ infections:
- Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
- Change your passwords – Your original passwords may have been compromised during the infection, so you should change them.
- Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
- Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Consider using a remediation tool (examples below) to help remove GOZ from your system.
  - http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)
  - http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
  - http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
  - http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx (Windows XP (SP2) and above)
  - http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
  - http://about-threats.trendmicro.com/us/webattack/3136/GOZ%20and%20CryptoLocker%20Malware%20Affecting%20Users%20Globally (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)
The above are examples only and do not constitute an exhaustive list.
- GOZ has been associated with the CryptoLocker malware. For more information on this malware, please visit the CryptoLocker Ransomware Infections page.
Members of the public can protect themselves by making sure security software is installed and updated, by running scans and checking that computer operating systems and applications are up to date. More information and cyber security tips are available within this site.
The NCA’s alert is part of one of the largest industry and law enforcement collaborations attempted to date. Activity in several countries, led by the FBI in the US, has weakened the global network of infected computers, meaning that action taken now to strengthen online safety can be particularly effective. The full text of the NCA alert can be viewed via their website.
GOZeuS (also known as P2PZeuS) has been assessed as being responsible for the fraudulent transfer of hundreds of millions of pounds globally. Recent intelligence has suggested that more than 15,500 computers in the UK are currently infected, with many more potentially at risk.
By disrupting the system used by the infected computers to communicate with each other, and the criminals controlling them, this activity aims to significantly reduce the malware’s effectiveness.
Individuals in the UK may receive notifications from their Internet Service Providers that they are victims of this malware, and are advised to back up all important information – such as files, photographs and videos. Businesses should also test their incident responses and business resilience protocols and work with their IT departments or suppliers to educate employees on the potential threat.