“We have a short time to beat a powerful computer attack”

“We have a short time to beat a powerful computer attack.” <– What they said

In an unprecedented move, national law types across the planet have simultaneously made a public announcement about us having just a few weeks to prepare for a massive infection event.

The infections concerned are the Zeus/ Gameover Zeus malware, which harvests credit card, password and other input details from machines and the nasty, nasty Cryptolocker (which we have been banging on about in previous blogs).

The link between the two pieces of code are they appear to be created or at the least controlled by the same people with the delivery mechanism for the former (Zeus) being used to drop the second.

Cryptolocker encrypts your files and demands payment to decrypt them. Apart from a small glitch in the code on a very specific version which exposed the private keys in the Windows Registry enabling decryption, Cryptolocker is efficient, stealthy and irreversible

The UK Government’s advice on the subject, which is excellent is here: https://www.getsafeonline.org/news/we-have-short-time-to-beat-powerful-computer-attack/ 

We don’t know where the two weeks has come from and it seems a little arbitrary. Do they mean by a specific date? Why?

What we do know is that a super global arrest warrant has been issued for the 2.0 Lex Luther himself Evgeniy Mikhaylovich Bogachev in what will surely cause an escalation of hostilities, and either way will arresting one bad guy make any difference?  Whatever, ours is not to wonder why.

The long and short of this is that it is believed that a shedload of machines are infected with at least one of these pieces of malware or at least the daemon spawn, awaiting orders to pounce from their cat stroking command and control servers in the cloud. It is believed that a substantial number of these infected machines are running no longer supported Widow Twankey XP. Come on guys, please….

What to do:

  • Be cautious and aware of opening links in emails especially if they purport to be a voice message or voicemail
  • Make sure your staff are aware of the above
  • Make backups of your data and disconnect the backup devices from your machine. Keep them off line
  • Make sure your antivirus is up to date
  • Make backups of your data (did we say that already?)
  • Make sure you are patched
  • Bin the XP machines. Bin them
  • Make backups of your data and keep them offline (sorry but you have to do it)
  • Be prepared to have to recover your systems in a controlled fashion
  • Refuse to pay
  • Be careful about online payments and check your statements

ITC’s NetSure360° Security Management platform is continuously updated with the IP addresses of ‘sites with poor reputation’ – e.g. suspected Command and Control servers. Customers with our endpoint management can automatically disconnect suspected devices from the infrastructure in short order reducing the impact of an infection.

We are continuously looking at ways to identify, prevent and restrict malicious activity and would love to talk to you about it. Please contact us by calling 020 7517 3900 or email [email protected]