Zeuszilla vs KryptoniteLocker! Two weeks in and we are all still alive!


Yes, it has been two weeks since the doom and gloom prophecy from Commissioner Gordon and his associates, which we described on these pages as ‘a little arbitrary’, err, two weeks ago.

We were confused about the highly specific time frames then and remain so now. If the FBI took down a BotNet, the command and control servers will no doubt be rebuilt by the armies of Lex Luthor 2.0 (Evgeniy Mikhaylovich Bogachev), but it may take longer than 2 weeks. Maybe the comms aren’t so good where they are hiding and they must first build an all-powerful global communications umbrella network, having taken over the entire satellite fleet. Mwahahahaha. (Easy now, Ed)

Fiction aside, the problem definitely hasn’t gone away. Only yesterday, I received the email below:

This was picked up by Gmail’s scanners, but I thought I would have a look at the attachment (in the blast-proof Bat Cave, obviously) and sure enough it contains Cryptolocker. I don’t have a MasterCard, but I bet if you did, this is the sort of thing that might make you click on the link in a red mist, shouting ‘Argh, what has he/she gone and bought now? We don’t need any more Hi-Fi/shoes/handbags/cider!’, and so the malware is delivered. Very sneaky indeed.

So before everyone relaxes (as is being recommended in some other security blogs), let us reiterate our recommendations around this subject:

  • Be cautious and aware of opening links in emails, especially if they purport to be a voice message or voicemail
  • Make sure your staff are aware of the above
  • Make backups of your data and disconnect the backup devices from your machine. Keep them off line
  • Make sure your antivirus is up to date
  • Make backups of your data (did we say that already?)
  • Make sure you are patched
  • Bin the XP machines. Bin them (if you haven’t done this yet, don’t say we didn’t warn you)
  • Make backups of your data and keep them offline (sorry, but you have to do it) (as above)
  • Be prepared to have to recover your systems in a controlled fashion
  • Refuse to pay
  • Be careful about online payments and check your statements

ITC’s NetSure360° Security Management platform is continuously updated with the IP addresses of ‘sites with poor reputation’, e.g. suspected Command and Control servers. Customers with our endpoint management can automatically disconnect suspected devices from the infrastructure in short order, reducing the impact of an infection.
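To show the mechanism behind that sentence in miniature, here is an added example (not NetSure360° code, and not from the original post) that matches outbound connections in a firewall/flow log against a reputation feed and lists the internal hosts that talked to a flagged address. The feed entries, the log format and every IP address below are constructed for the example (they use RFC 5737 documentation ranges); a real deployment would pull the feed from a vendor and read the actual firewall export.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Constructed reputation feed: a single host and a CIDR block.
# Documentation-range addresses (RFC 5737), not real C2 infrastructure.
POOR_REPUTATION_FEED = [
    "198.51.100.23",
    "203.0.113.0/24",
]

# Constructed flow log in a simplified "src=... dst=... dport=..." format.
SAMPLE_FLOW_LOG = """\
2014-06-16T09:12:01Z src=10.0.5.17 dst=93.184.216.34 dport=443 action=allow
2014-06-16T09:12:03Z src=10.0.5.42 dst=198.51.100.23 dport=8080 action=allow
2014-06-16T09:12:07Z src=10.0.5.17 dst=203.0.113.77 dport=80 action=allow
2014-06-16T09:12:09Z src=10.0.5.99 dst=192.0.2.10 dport=53 action=allow
2014-06-16T09:12:11Z src=10.0.5.42 dst=198.51.100.23 dport=8080 action=allow
"""

FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def load_feed(entries: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Normalise feed entries (bare hosts or CIDR blocks) into network objects.

    A bare host such as "198.51.100.23" becomes a /32, so one membership
    test covers both kinds of entry.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_poor_reputation(dst: str, feed: List[ipaddress._BaseNetwork]) -> bool:
    """True if the destination falls inside any feed entry."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        # Hostnames or malformed fields are skipped rather than crashing the scan.
        return False
    return any(addr in net for net in feed)


def find_suspect_hosts(log_text: str,
                       feed: List[ipaddress._BaseNetwork]) -> Dict[str, Set[str]]:
    """Map each internal source host to the flagged destinations it contacted."""
    suspects: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue
        if is_poor_reputation(m["dst"], feed):
            suspects.setdefault(m["src"], set()).add(m["dst"])
    return suspects


def quarantine_list(suspects: Dict[str, Set[str]]) -> List[str]:
    """Sorted list of internal hosts an endpoint manager would isolate."""
    return sorted(suspects)


if __name__ == "__main__":
    feed = load_feed(POOR_REPUTATION_FEED)
    hits = find_suspect_hosts(SAMPLE_FLOW_LOG, feed)
    for host in quarantine_list(hits):
        print(f"{host} contacted flagged destinations: {sorted(hits[host])}")
```

Two things worth noting: the feed is matched as networks rather than string equality so a single CIDR entry catches the whole block, and the output is the internal source host, because that is the device an endpoint manager can actually disconnect; blocking the destination alone leaves the infected machine free to find its next server.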

We are continuously looking at ways to identify, prevent and restrict malicious activity and would love to talk to you about it. Please contact us by calling 020 7517 3900 or email [email protected]

With apologies to DC Comics fans for mixing our Superheroes. It’s all the rage apparently.