CryptoLocker and GameOver Zeus: When Bad Meets Ugly

It's been a few weeks since we've reported on the GameOver Zeus virus, and a few months since we first told you about the nasty ransomware known as Cryptolocker. Now, we're seeing the two threats merge into one code-red-mega threat that your business needs to be prepared for!

GameOver Zeus is effectively spreading Cryptolocker. At the time of this writing, this one-two combo is responsible for infecting over 15,500 computers in the UK alone, though over a quarter-million users were infected within the first 100 days the malware was functional. Here are some reminders on what these two nasty computer viruses are individually all about:

• GameOver Zeus: A peer-to-peer software that seeks out login credentials for bank accounts in order to steal sensitive information.
• Cryptolocker: This is a particular nasty ransomware that will encrypt all of your data and literally hold your computer hostage, demanding that you pay the hackers money to regain control of your machine. If you don't meet the hacker's demands in a timely manner, then Cryptolocker will lock down all of your PC's data. Paying the hackers will give you access to your machine and a decryption key--maybe (this never worked at first).

This nasty combo threat works by GameOver Zeus first attempting to extract your financial data. After your data is scanned and sensitive information is extracted, THEN Cryptolocker is installed, and your computer is taken for ransom!

The worst thing you can do is nothing. When it comes to safeguarding your business from such a threat, it's important that you take proper security precautions, and that you're vigilant about network security. Here are a few tips that will help keep your business protected!

• Keep your guard up: One of the primary ways this malware spreads is by emailing its victims fake bank account statements. This is a classic malware move that attempts to trick users into downloading malicious software. When in doubt, don't open the fake bank statement. Call your bank to verify the email using the phone number from your personal records (not the number provided within the fake email).
• Update, update, and update: It's vital that you keep all of the software on your network (especially your operating system) as up to date as possible. Software updates include the latest security patches and protections against threats, including mega threats such as this.
• Scan to protect against scams: It's essential that antivirus scans on your PC are done regularly. A ransomware like Cryptolocker is fast-acting, but if a virus scan catches Cryptolocker before it can successfully commandeer your machine, then you just saved yourself a world of pain.
• Backup Your Files: Home users typically store their data on the PC itself, and we encourage you to keep your personal computers backed up, but businesses should be storing their important data on their server. Either way, you should institute a comprehensive backup and data recovery protocol to ensure the redundancy of your files. If you don't have a backup solution for your data, contact us today to get the most trusted business continuity solution available in the DC Metro area.

If your computer is showing signs of a virus, you should take immediate action and call Macro Systems at 703-359-9211. In a worst-case scenario, your computer will be hit with this GameOver Zeus/Cryptolocker combo. In a best-case scenario, it will be a false alarm. Better safe than sorry.

If you see this screen, take the following actions toward limiting the impact that the malware has on your system.

• Disconnect your computer from the Internet, either by unplugging the wired connection or disabling the wireless connection.
• Disconnect any external storage units, such as USB units, and disable any cloud storage software you may be using.
• Do not attempt to remove the virus on your own. Contact the professional technicians at Macro for assistance with removing the threat.

Macro Systems will attempt a system backup restore using your backed up files, provided they aren't infected (and you have one). At this time, there is no way to decrypt files without the decryption key.

The best way to protect your company from ultra-wicked threats like this is to take a proactive approach to IT security. Macro Systems offers your business this with our managed IT services. We can monitor your system, and at the first sign of a problem we'll take care of it from our end! To gain the ultimate protection from the ultimate online threat, call us today at 703-359-9211.