Thousands of personal and business PCs infected
The National Crime Agency (NCA) is today urging members of the public to protect
themselves against powerful malicious software (malware), which may be costing UK
computer users millions of pounds.
Action taken by the NCA to combat the threat will give the UK public a unique, two-week
opportunity to rid and safeguard themselves from two distinct but associated
forms of malware known as GOZeuS and CryptoLocker.
The NCA’s alert is part of one of the largest industry and law enforcement
collaborations attempted to date. Activity in 11 countries, led by the FBI in the US,
has weakened the global network of infected computers, meaning that action taken
now to strengthen online safety can be particularly effective.
GOZeuS (also known as P2PZeuS) has been assessed as being responsible for the
fraudulent transfer of hundreds of millions of pounds globally. Recent intelligence has
suggested that more than 15,500 computers in the UK are currently infected, with
many more potentially at risk.
By disrupting the system used by the infected computers to communicate with each
other, and the criminals controlling them, this activity aims to significantly reduce the
Members of the public can protect themselves by making sure security software is
installed and updated, by running scans and checking that computer operating
systems and applications are up to date.
Individuals may receive notifications from their Internet Service Providers that they
are a victim of this malware and are advised to back up all important information –
such as files, photography and videos. Businesses should also test their incident
responses and business resilience protocols and work with their IT departments or
suppliers to educate employees on the potential threat.
Get Safe Online is providing advice, guidance and tools on its website at
www.getsafeonline.org/nca to help internet users understand more about the
malicious software and how to protect themselves and their computers from attacks.
A number of leading cyber security companies have supplied remediation tools,
which can be accessed via getsafeonline.org to help clean up infected machines.
Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said:
“Nobody wants their personal financial details, business information or photographs
of loved ones to be stolen or held to ransom by criminals. By making use of this two-week
window, huge numbers of people in the UK can stop that from happening to
“Whether you find online security complicated or confusing, or simply haven’t thought
about keeping your personal or office computers safe for a while, now is the time to
take action. Our message is simple: update your operating system and make this a
regular occurrence, update your security software and use it, and think twice before
clicking on links or attachments in unsolicited emails.”
“Those committing cybercrime impacting the UK are often highly-skilled and
operating from abroad. To respond to this threat, the NCA is working closely with
law enforcement colleagues all over the world, and developing important
relationships with the private sector.”
GOZeuS and CryptoLocker
Users are typically infected by clicking on attachments or links in emails which may
look like they have been sent by genuine contacts and may purport to carry invoices,
voicemail messages, or any file made to look innocuous. These emails are generated
by other victims’ computers, who do not realise they are infected, and are used to
send mass emails creating more victims.
If the file or link is clicked on an unprotected computer, GOZeuS is downloaded and
installed and it will then link the victim’s computer to a network of already infected
machines known as a BotNet.
The malware waits silently, monitoring the user’s activity until the opportunity arises
to capture banking or other private information, which is then transmitted back to the
criminals via the BotNet infrastructure.
Where a computer infected with GOZeuS turns out not to offer a significant financial
reward, it can ‘call in’ CryptoLocker, to give the criminal controllers a second
opportunity to acquire funds from the victim.
CryptoLocker works away in the background, encrypting the user’s files. Once that
process is complete, the victim is presented with a pop-up telling them what has
happened and a timer appears on their screen, which starts counting down. That is
the time the victim has in order to pay a ‘discounted’ ransom, currently one Bitcoin
(£200-£300 approximately) for UK users.
The NCA has been working with international law enforcement partners including the
FBI and Europol, as well as partners from the banking, internet security and ISP
Information on ensuring security software is up to date can be found at
www.getsafeonline.org and www.cyberstreetwise.com
Members of the public who think they have lost money through malware such as
P2PZeuS and CryptoLocker should report it to www.actionfraud.police.uk
If you are worried about potential threats, please give us a call and we can look at your IT systems to make sure you are doing enough to protect your company.