Tuesday, 3 June 2014

Viruses in the news again. What to do about CryptoLocker, GameOverZeus etc?

You may well have seen the recent news articles about the work of international law enforcement agencies in taking down the networks of computers that run some exceptionally malicious viruses, with names such as CryptoLocker, P2PZeuS, GameOverZeus, etc.

What does it all mean for you and what should you now do?

Here in the UK the National Crime Agency (NCA) have warned users that they have 2 weeks to protect themselves (see http://goo.gl/sPf39B). They don't seem to have made it very clear why you only have two weeks, and they seem only to be suggesting that you should run good anti-virus software and install any waiting Windows Updates. This is, of course, solid advice at any time and not just now.

It appears that the damage the NCA, along with the FBI, Interpol etc, have managed to inflict upon the main servers running these viruses is what has given us a "2 week window". The suggestion is that the "Command and Control" Servers which run these global virus operations are expected to be back up and running soon, i.e. within 2 weeks.

These Servers rely on millions of innocent computers doing the majority of their work, whilst also allowing the virus writers to hide behind many smokescreens.

Your computer may be one of those infected and running as part of this "BotNet" without you knowing about it. The point of updating anti-virus software and keeping Windows up to date is to reduce the chances of your own computer remaining infected in this way.

Internet Service Providers can spot when PCs are participating in a malicious BotNet, by the amount and type of internet traffic that is passed. To date, in the UK, they have never warned anyone that they may be infected, but there are suggestions that they may do so now.

CryptoLocker is a very effective virus which will encrypt and lock all of the data on your computer. You will then see a message on-screen, telling you that this has happened and explaining how to pay a ransom in order to buy a key that will decrypt the data. That ransom apparently varies between £250 and £400. There is no other way to decrypt the locked data.

Any data which can be seen on your network will become locked once the virus has successfully infected any one computer on the network. This includes data held on Servers and backups held on external hard drives that are left connected to the PC.

There are several steps that you should take to avoid infection:
1. Use off-site or online backup. This is very unlikely to become encrypted even if you do contract the virus. You simply clean the virus, restore the data from backup and continue.

2. Use a solid anti-virus. We recommend and resell WebRoot. Others are available, but some are less effective than others. Most of the "free" products are not licensed for business use.

3. Run "Windows Updates" regularly, and preferably automatically.

4. Ask us about our "CryptoPrevent" software, which attempts to stop such viruses from running in the first place, or to disrupt them. This is free to our own clients.

5. Most importantly, use your own common sense! The vast majority of viruses come through Zip attachments in emails. Does anyone ever send you a Zip attachment? Probably not. If not, then do not be tempted to open such an attachment, no matter who it appears to have come from.
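
For anyone who looks after a mailbox or mail server, the check in step 5 can be automated. The Python below is an added example, not part of the original post: it goes a little beyond the advice above by looking inside each Zip attachment of a saved email and listing any files that Windows would run when opened. The function names, the extension list and the sample message are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs when double-clicked (illustrative list, not exhaustive).
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each risky file inside a Zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the file name or MIME type: Zip data starts with "PK".
        if not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "(unreadable archive)"))
            continue
        for member in members:
            # Only the final extension counts, so "Invoice.pdf.exe" is caught too.
            if member.lower().endswith(RISKY_EXTENSIONS):
                findings.append((name, member))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: an 'invoice' Zip holding a file with a double extension."""
    archive_bytes = io.BytesIO()
    with zipfile.ZipFile(archive_bytes, "w") as archive:
        archive.writestr("Invoice_2014.pdf.exe", b"constructed placeholder, not a program")
        archive.writestr("readme.txt", b"harmless text")
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(archive_bytes.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample_message()):
        print(f"{attachment}: contains {member}")
```

A message saved as an `.eml` file can be checked the same way by passing its bytes to `risky_zip_members`.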

Call us for free advice on avoiding virus infections. If you are based in Lancashire and you believe that your computer may be infected, switch it off and ask us to visit as soon as possible.

The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2014