National Crime Agency
Printable version |
Two-week opportunity for UK to reduce threat from powerful computer attack
The NCA is today urging members of the public to protect themselves against powerful malicious software (malware), which may be costing UK computer users millions of pounds.
Action taken by the NCA to
combat the threat will give the UK public a unique, two-week opportunity to rid
and safeguard themselves from two distinct but associated forms of malware
known as GOZeuS and CryptoLocker.
Members of the public can protect themselves by making sure security software
is installed and updated, by running scans and checking that computer operating
systems and applications are up to date.
The NCA’s alert is part of one of the largest industry and law
enforcement collaborations attempted to date. Activity in several countries,
led by the FBI in the US, has weakened the global network of infected
computers, meaning that action taken now to strengthen online safety can be
particularly effective.
GOZeuS (also known as P2PZeuS) has been assessed as being responsible for the
fraudulent transfer of hundreds of millions of pounds globally. Recent
intelligence has suggested that more than 15,500 computers in the UK are
currently infected, with many more potentially at risk.
By disrupting the system used by the infected computers to communicate with
each other, and the criminals controlling them, this activity aims to
significantly reduce the malware’s effectiveness.
Individuals in the UK may receive notifications from their Internet Service
Providers that they are a victim of this malware and are advised to back up all
important information – such as files, photography and videos. Businesses
should also test their incident responses and business resilience protocols and
work with their IT departments or suppliers to educate employees on the
potential threat.
Get Safe Online is providing advice, guidance and tools on its website
at www.getsafeonline.org/nca to help
internet users understand more about the malicious software and how to protect
themselves and their computers from attacks. A number of cyber security
companies have supplied remediation tools, which can be accessed via Get Safe
Online, to help clean up infected machines.
Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit,
said: “Nobody wants their personal financial details, business
information or photographs of loved ones to be stolen or held to ransom by
criminals. By making use of this two-week window, huge numbers of people in the
UK can stop that from happening to them.
“Whether you find online security complicated or confusing, or simply
haven’t thought about keeping your personal or office computers safe for
a while, now is the time to take action. Our message is simple: update your
operating system and make this a regular occurrence, update your security
software and use it and, think twice before clicking on links or attachments in
unsolicited emails.”
“Those committing cyber crime impacting the UK are often highly-skilled
and operating from abroad. To respond to this threat, the NCA is working
closely with law enforcement colleagues all over the world, and developing
important relationships with the private sector.”
GOZeuS and CryptoLocker
Users are typically infected by clicking on attachments or links in emails
which may look like they have been sent by genuine contacts and may purport to
carry invoices, voicemail messages, or any file made to look innocuous. These
emails are generated by other victims’ computers, who do not realise they
are infected, and are used to send mass emails creating more
victims.
If the file or link is clicked on an unprotected computer, GOZeuS is downloaded
and installed and it will then link the victim’s computer to a network of
already-infected machines, known as a BotNet.
The malware waits silently, monitoring the user’s activity until the
opportunity arises to capture banking or other private information, which is
then transmitted back to the criminals via the BotNet infrastructure.
Where a computer infected with GOZeuS turns out not to offer a significant
financial reward, it can ‘call in’ CryptoLocker, to give the
criminal controllers a second opportunity to acquire funds from the victim.
CryptoLocker works unseen in the background, encrypting the user’s files.
Once that process is complete, the victim is presented with a pop-up telling
them what has happened and a timer appears on their screen, which starts
counting down. That is the time the victim has in order to pay a
‘discounted’ ransom, currently one Bitcoin (£200-£300
approximately) for UK users.
The NCA has been working with international law enforcement partners including
the FBI and Europol, as well as partners from the banking, internet security
and ISP sectors.
Information on ensuring security software is up to date can be found at Get Safe Online and Cyber Streetwise
Members of the public who think they have lost money through malware such as
P2PZeus and Cryptolocker should report it to Action Fraud.