
Gameover Zeus and Cryptolocker deadline passes with a whimper

NCA warnings to detect and clear infections either very successful, or unnecessary
Thu Jun 19 2014, 10:03

THE DEADLINE HAS PASSED for thousands of computer systems apparently at risk from the Gameover Zeus (Gozeus) and Cryptolocker malware variants, and it went with a whimper rather than the bang the NCA expected.

The UK National Crime Agency (NCA) warned users to lock down their systems two weeks ago to protect against this heinous threat.

On 2 June, the NCA announced that an international operation had temporarily weakened the global network of infected computers, providing a particularly strong two-week opportunity for members of the public to rid themselves of the malware and help prevent future infections.

Earlier this week, the NCA reminded UK computer users that there was still time to protect themselves from the Gozeus and Cryptolocker malware threats, saying that although the number of infections had decreased, users are still vulnerable to infection.

"Current indications are that UK Gozeus and Cryptolocker infections have reduced since 2 June, but thousands of systems remain affected or at risk," the agency said at the time.

"By updating security software, running system scans to detect and clear infections, and checking that computer operating systems are up to date, individuals and businesses can take advantage of the criminal network's relative weakness."

The NCA "strongly recommended" taking these steps as soon as possible before midnight on Tuesday 17 June.

However, midnight came and went, and the expected meltdown didn't materialise.

Two weeks ago, the NCA issued an unprecedented warning over Gozeus and Cryptolocker PC malware, giving the UK public a unique two-week opportunity to rid themselves of, and safeguard themselves against, the two distinct but associated forms of malware. However, many were sceptical of the level of threat this malware actually posed.

Gozeus is a peer-to-peer variant of the Zeus family of malware first identified in September 2011. It is designed to steal bank log-in credentials by searching a compromised PC for files containing financial information. If it fails to find anything of value, it may then install Cryptolocker - "ransomware" that encrypts the PC's hard-disk drive, providing the decryption key only after a fee is paid.

Gozeus - also known as P2Pzeus - is believed to have been responsible for the fraudulent transfer of hundreds of millions of pounds. The NCA estimates that more than 15,500 computers in the UK are infected with Gozeus.

As for Cryptolocker, the software is unique compared to average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography that conforms to Microsoft's CryptoAPI.

Dell's security research team revealed in December that Cryptolocker managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins, or about £600,000.

"Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the Cryptolocker threat," Dell announced in a Secureworks post. µ

