GOZeus & Cryptolocker

I hope by now you have seen the various news articles on the Cyber threat “GOZeus” or Game Over Zeus. What’s interesting is that this is the largest joint operation between Government and the private sector working together collaboratively to combat what can be regarded as the single largest cyber threat to the UK public we have ever witnessed.

Behind the scenes the UK’s National Crime Agency (NCA), the Centre for Protection for National Infrastructure (CPNI), UK Computer Emergency Response Team (UK-CERT) together with Internet Service Providers (ISPs) and other private organisations have been coordinating a response. In many senses, the success of this will set the scene for future collaboration projects.

What’s interesting is that this is probably the first time the public have been given an “early warning” of a specific threat with the ability to act and do something about it.

Interestingly, this is not a new threat. The cryptolocker virus has been around for a while with many victims caught in a quandary : with my personal files completely encrypted and beyond my reach, do I pay a painful amount of money to unscrupulous individuals who I shouldn’t trust, in the hope they might honor their part of the deal and decrypt my files?


Unfortunately the right answer is a painful one and aligned with the government’s approach to terrorism – never negotiate or give in to their demands. If you do, even just once, you set a precedent and provide an incentive to the attacker to continue in their endeavor.

However although it is easy to understand this perspective and agree with it today when you still have access to your files, photos, music and home videos, it becomes another matter entirely when you are put under duress. We all think differently under pressure and the threat of loss, and this is what our perpetrators are counting on. For the cyber attacker, the metrics of scale are tipped in his favor. For a newly crafted virus to be delivered to thousands or millions of machines is relatively straight forward and generally speaking until the first discovery of the virus (which only starts to happen when something awry starts to happen) all anti-virus programs will be completely oblivious to the infection. If millions of machines are infected (as they are now in the case of GOZeus), it only takes a a small percentage of victims to respond to make the attacker millions of pounds. Cryptolocker charges £300 to unlock your files so 4000 victims agreeing to this nets the attackers £1.2 million.

Keeping your cyber-self safe hasn’t changed much over the years. Install and keep up to date an antivirus product, turn on a firewall, periodically back up your files off your computer to another location, don’t open email that have come from someone you don’t know or trust and refrain from the temptation of visiting web sites that purport to offer something that looks too good to be true. Following this simple advice will help reduce your exposure to these risks dramatically and although they will not guarantee you remain virus free, they will

Unfortunately too many people don’t follow these sensible guidelines and experience the pain of clearing up after a virus has

The other option is second is to use a device that cannot be infected. You could for example use an Apple iPad or Microsoft Surface RT tablet which has a different processor and cannot run programs or executables that a normal windows computer can. The Surface provides the same user experience that any other Windows machine does, coupled with the benefits of a tablet and the security of a machine that cannot run traditional windows viruses.

The following are free tools that have been specially developed and made available to you by a number of internet security software companies that will scan and remove the GOZeus and Cryptolocker threats. You can use any of these tools regardless of the make of internet security software you normally use.


F-Secure Online scanner (Windows Vista, 7 and 8)
F-Secure Rescue CD (Windows XP systems)

http://support.kaspersky.com/viruses/utility#kasperskyvirusremovaltool (if you think your computer is infected with malware)
http://support.kaspersky.com/8005 (WindowsUnlocker utility for if your computer is infected with CryptoLocker)

http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
Heimdal Security
http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1.)

http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)


Trend Micro
(Windows XP, Vista, Windows, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2).

This entry was posted in Technology. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s