PC Users Warned of Aggressive New Virus

The UK’s National Crime Agency (NCA) has warned internet users that they have a two-week window to protect themselves from a new and particularly aggressive computer virus called Cryptolocker.

The NCA has worked with the FBI, Europol and other law enforcement bodies to temporarily seize control of the global network of infected computers. Although the virus is currently disabled, the NCA warned that it could be only days before hackers circumvent their block on it.

The warning follows a major international collaboration between crime agencies to stop a virus of such magnitude. The Cryptolocker software locked PC users out of their machines, encrypting all their files and demanding payment of one Bitcoin (currently around £300 or US$500) for decryption. The FBI suggests that the virus has already acquired US$27m in ransom payments in just two months of its life, and that it has infected more than 234,000 machines.

A chief suspect from Russia has been identified, but is still at large, Troels Oerting, head of Europol’s European Cyber Crime Centre (EC3), told UK daily The Guardian. He said other arrests related to the operation were “in progress”.

The united effort to stop the spread of the Cryptolocker ransomware has focused on its delivery method, itself a dangerous form of malware – or virus – called Gameover Zeus (GOZeuS). This linked the infected machines by peer-to-peer (P2P) connections – in theory making it harder for the authorities to track and stop.

GOZeuS was designed to steal online banking login details, and victims were usually infected when they clicked on attachments or links in emails that appeared innocuous. However, it also dropped Cryptolocker on to their computers.

Those at risk are being advised to update their operating system software and security software, and also to “think twice before clicking on links or attachments in unsolicited emails”.

Law enforcement groups have been taking over points of control in GOZeuS’s P2P network, an action known in the security world as ‘sinkholing’, in order to cut off criminal control over the infected computers.

