Are your computer systems safe from Gameover Zeus and CryptoLocker?
You may have heard on TV or radio or read in the press about two nasty computer viruses currently doing the rounds.
According to various media sources, the computer servers behind the Gameover Zeus outbreak have been seized, but the culprits have not. Crime agencies (including the FBI and the UK’s NCA – National Crime Agency) reckon that the culprits could have new servers ready in under two weeks. I would suggest that you take any necessary action sooner rather than later to ensure that your own computer(s) are adequately protected. The CryptoLocker virus is already on the loose.
Gameover Zeus searches through your system to locate passwords and login details for bank and credit card accounts, and you can guess the rest. Gameover Zeus also deploys the CryptoLocker virus (see below).
On Tuesday I heard on the radio of a company in the North West which had £100,000 taken in a matter of a minute or so – luckily for that business the bank agreed an ex-gratia refund of the stolen money. A very lucky close call. This was down to a bookkeeper opening an innocent-looking email apparently from HMRC. Please remember that HMRC only send emails on two occasions:
1. To advise you that a VAT Return is due to be filed. Since you know what your VAT quarters are, you would expect this type of email at a particular time in the quarterly VAT cycle.
2. In response to an electronic submission to HMRC, such as an RTI submission for payroll.
Therefore any other communications apparently from HMRC should be treated with the utmost caution. The same caution should be extended to emails apparently from Companies House.
CryptoLocker is a bit of code that encrypts the hard drive(s) of your computer. This denies you access to everything on your computer unless you have the key to decrypt the drive. The people behind this charge a fee for providing the key – I’ve heard of $300 being requested. You have no option but to pay and ‘hope’ that they give you the key. A backup of your data wouldn’t be encrypted if taken before the virus is deployed – but this would mean a full rebuild of your computer’s hard drive(s) to install the operating system and your programs.
What action can you take?
I would strongly suggest that you ensure that your anti-virus software is totally up to date and is capable of detecting and dealing with these latest threats. You might want to make sure that your software checks for updates on bootup, and every hour thereafter. You might also alert your colleagues to these threats and tell them to be wary of such emails. I have seen email systems where these scam emails have been allowed through when I would have expected anti-virus (AV) software to delete or quarantine the email.
Personally I am not a fan of free AV software and would prefer (and would recommend) paying for good software in the knowledge that I am safe and have the backup if things do go wrong. It’s a small price to pay considering the damage that can be done to your business – and it’s tax deductible too.