Unprecedented global internet security activity

crypThis week has seen unprecedented global internet security activity as operations by Interpol, the FBI and the UK’s National Crime Agency (NCA) have been made public. The reason for this are the serious problems being caused by two malicious programmes targeting computers running Microsoft Windows:

  • Cryptolocker – ‘ransomware’ that encodes all files (including mapped drives, USB sticks and cloud services like Dropbox) accessible from the infected system
  • Gameover Zeus – spyware designed to steal logins to defraud banks, individuals and businesses

The method of infection is by email attachment or a hyperlink in an email which downloads the malicious package.

50,000 UK infections

These threats are not new. Since summer 2013 there have been around 50,000 infections of UK computers with the global total believed to be in excess of 230,000. Around $30 million has been extorted with Cryptolocker while GOZ related fraud activity has enabled theft of about $100million.
The cyber-criminals behind the threats have been quick to morph them to get around defensive countermeasures. The threat remains agile and the unprecedented activity this week to shut down this criminal activity by seizing control of the Cryptolocker servers is ongoing. It is believed the current efforts may be effective for up to two weeks, but after that experts predict it will morph yet again.

Minimising the threat to businesses

While both of these pose a risk to commercial operations, for many businesses Cryptolocker is the primary concern. Once encoded, decryption is impossible without the key because files are encrypted with 256 bit technology. The key to unlock these is then encrypted with 2048 bit encryption.
To prevent infection and the problems this is causing there are a number of steps businesses can take. Some are helpful to everyone for minimising the risks, but others are really for Power Users or Admins.

Back up data

Keep regular updates on drives or remote services that are disconnected other than when backing up.

Update software

Enable automatic updates for Windows and other applications or go directly to the application vendor websites to update them.

Follow the time tested rules of email security best practice

Don’t open emails from people you don’t know or are not expecting. If curiosity gets the better of you do not under any circumstances open attachments or click links in emails.

Avoid .EXE files

Best policy is to block all email activity related to .EXE files; use workarounds such as password protected ZIP file containers if you must use them.

Use a good security suite

Anti-malware software and software firewalls can help prevent infection, or interrupt the Cryptolocker mechanism if it does manage to get in and run.

Advanced tips for Administrators or Power Users

Disable .EXEs in App Data and Local App Data folders

Using rules within Windows or Intrusion Prevention Software lets you interfere with the Cryptolocker mechanism by preventing .EXEs running from App Data and Local App Data directories.

Obtain Cryptolocker prevention kit by Third Tier

This tool enables Group Policy automation preventing .EXEs running from App Data and Local App Data directories.

Disable RDP

Disabling Remote Desktop Protocol shuts down another route that is often exploited.

If you think you’ve just run something suspicious…

…but have not seen a ‘ransomware’ screen come up, disconnect from the network immediately by shutting down Wi-Fi connections and physically unplugging network cables; disconnect USB drives as well; there is no guarantee this will prevent encryption, but like the man said, it’s better than doing nothing…

If you think you are infected

If you believe your computer may be infected go to www.getsafeonline.org/nca and download one of the free programs designed to specifically identify Cryptolocker and GOZ.

Cryptolocker victims wanted – speak to Paralogic now

If you have been a victim or want to prevent your business becoming a victim, then Paralogic security experts have been helping our clients meet the challenges posed by Cryptolocker and other ‘ransomware’ and malicious software threats for many years.
Please contact us and we’ll be glad to see if we can help. Simply fill in the form on the right or call us on 01844 293 330.
For extended information on the preventative measures outlined in this blog please go to welivesecurity.com




LATEST BLOG POSTS

Why Paralogic has been named one of Britain’s 50 Best Managed IT Companies

2nd January 2020

For more than 20 years, Paralogic has been on the side of small business, providing IT support and services they can rely on. We’re thrilled, therefore, to be named among the best British MSPs, cementing…

Read More

Equifax security breach: What if it happened under GDPR?

9th October 2019

The European Union’s General Data Protection Regulation (GDPR) is the most significant shake up of information security for many years. Despite the toughening of rules and the harsh treatment of companies by regulators and the…

Read More