The UK’s National Crime Agency, the FBI, Europol and various security software firms have worked together to temporarily pause the attacks from the Cryptolocker and GOZeuS malware.
Operation Tovar: in a nutshell
Since last Friday, 30th May, law enforcement agencies, internet service providers and tech security firms from 11 countries have teamed up to try to stop infected computers from communicating with each other.
It has been fairly effective, but they admit that they can’t keep the criminals’ network down for long. That’s why there are so many headlines telling you that you have two weeks to protect your PC.
In fact, the malware has been around for a long while and is thought to have infected over 15,000 computers in the UK already. However, because the criminal network’s “command and control” is weakened, the government has said this is a “window of opportunity” to protect your PC.
Cryptolocker and GOZeuS: what’s the threat?
Both are nasty pieces of malware. Cryptolocker encrypts your files and demands a ransom to decrypt them. However, there’s no guarantee that you’ll get access to your files if you pay up, and there’s no other way to decrypt them.
GOZeuS (GameOverZeuS, also known as P2PZeuS) is an advanced piece of malware that scans your PC for financial – banking – details and other valuable personal data which the criminals can sell on.
The two work together, with Cryptolocker kicking in after GOZeuS has done its dirty work.
How to stay safe
Our advice is simple, and the same as always:
1 – Keep Windows up to date with the latest security patches and other fixes. This should happen automatically, unless you disabled Windows Update. To check if Windows is up to date, run the Windows Update tool. Search for it in the Start menu.
2 – Make sure your antivirus or internet security suite is fully up to date and hasn’t been disabled. If you haven’t installed any antivirus software, or you’ve let a subscription lapse, be sure to re-subscribe or install some free software such as AVG or Avira. Here are the 15 best antivirus programs for PCs and laptops
3 – Don’t open email attachments or click on links in emails unless you’re certain they’re safe. This is how most phishing attacks work. Don’t assume that attachments and links are safe just because an email is from a trusted person: their email password may have been hacked, and criminals may be using their account to send out phishing emails. Expect to receive emails purporting to be from your internet service provider or the government asking you to click on links or open attachments. These are the ways in which criminals try to fool you and get you to give them personal information. If anything seems suspicious - such as greetings saying 'Dear customer' rather than your full name - delete the email immediately.
If you do click on a link or open an attachment, the malware may install itself automatically, so always be on your guard.
4 – Back up your most important documents. This is absolutely vital to protect against Cryptolocker. It doesn’t matter if your files are encrypted if you have an up-to-date backup. You can simply restore the files, perhaps after reinstalling Windows if it comes to it.
Here’s how to create a backup strategy, but if you don’t have time to read that, the most important thing is to copy the contents of your user folder (Documents, Photos, Videos and any other files that can’t be easily replaced) to a portable hard drive that you can store separately from your PC.
A network-connected backup drive such as a NAS may be susceptible to Cryptolocker, so you need an offline backup to be safe.
5 – Finally, if your PC or laptop has a webcam, you might consider covering it up with a piece of masking tape as these malicious programs may be able to access your device’s cameras and take photos or video.
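For step 4, here is an added example (not part of the original article) of copying a user folder to a portable drive and checking later that the copies are still intact. The function names and the manifest file name are assumptions made for the illustration.

```python
import hashlib
import json
import shutil
import sys
from pathlib import Path
MANIFEST = "backup-manifest.json"  # hypothetical name for the hash list

def sha256_of(path):
    """Hash a file in 1 MiB blocks so large videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def back_up(source, dest):
    """Copy every file under source to dest and record its SHA-256."""
    source, dest = Path(source).resolve(), Path(dest).resolve()
    if dest == source or source in dest.parents:
        raise ValueError("destination must be outside the folder being backed up")
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = original.relative_to(source)
        copy = dest / rel
        copy.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(original, copy)
        digest = sha256_of(copy)
        if digest != sha256_of(original):  # catch a bad write straight away
            raise OSError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest):
    """Return {path: 'missing' or 'changed'} for copies that no longer match."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    problems = {}
    for rel, expected in manifest.items():
        copy = dest / rel
        if not copy.is_file():
            problems[rel] = "missing"
        elif sha256_of(copy) != expected:
            problems[rel] = "changed"
    return problems

if __name__ == "__main__" and len(sys.argv) == 3:
    back_up(sys.argv[1], sys.argv[2])  # arguments: user folder, backup drive
    print(verify(sys.argv[2]) or "backup verified")
```

Run verify() on the drive before restoring from it; a file reported as changed or missing no longer matches what was backed up.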
Check your PC
Many of the antivirus companies have made special tools that you can run to check if your computer is infected. These can be used even if you have antivirus software from a different company:
Kaspersky removal tool (if you think your computer is infected with malware)