The UK’s National Crime Agency sent out a global warning for users to take prompt action before hackers regain control of their computers. It comes after the FBI, NCA, and Europol disrupted one of the most powerful viruses that steal personal and financial data.
The warning relates to a strain of malware known as Cryptolocker, which works together with another piece of malware, Gameover Zeus (also known as GOZeus or P2PZeus).
GOZeus is usually downloaded by unsuspecting users in what is known as a phishing attack, often in the form of an email which looks legitimate, but which is in fact designed to trick someone into downloading malicious software.
Once inside someone’s machine, the malware searches for files containing financial information. If it cannot find anything, it will install Cryptolocker, which locks the computer until a ransom fee is paid.
In the biggest operation of its kind, servers all over the world were raided simultaneously by the NCA, FBI, Europol, and other authorities.
This meant police could direct what are known as Command and Control (C&C) servers, which hackers and criminals use to control the operation of the botnet. A botnet is a network of home computers often controlled by a criminal gang.
“The scale of this operation is unprecedented. This is the first time we’ve seen a coordinated international approach of this magnitude, demonstrating how seriously the FBI takes this current threat,” Steve Rawlinson from Tagadab, a web-hosting company involved in the bust, told the BBC.
More than 15,000 computers are thought to have been infected in the UK, according to the NCA. Internet service providers (ISPs) will be contacting customers who they know have been infected.
The NCA is advising anybody who thinks they might have been a target to make their computers safe by visiting the sites Get Safe Online and Cyber Streetwise. Anyone who has lost money through malware should report it to Action Fraud.
“Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them,” Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit, said in a statement.
However, computer users need to take action immediately, as authorities only have temporary control of communications.
“This warning is not intended to cause you panic but we cannot over-stress the importance of taking these steps immediately. This is because the UK’s NCA has taken temporary control of the communications used to connect with infected computers, but expects only a very limited window of opportunity to ensure you are protected,” said UK-based Get Safe Online, a government-backed organization that has published a list of software it recommends for the task.
But technical problems meant that some users were unable to access the Get Safe website on Monday afternoon, although the organization’s chief executive, Tony Neate, insisted that this was not due to a cyber-attack.