Tag Archives: Cryptolocker

GOZeuS, Are You Ready?


We have all received dodgy, suspicious emails, and they keep getting harder and harder to spot – I mean it’s not like they come from fraud@iwantyourmoney.co.uk or openme@virus.com.

Nowadays these emails come from addresses pretending to be your bank, large organisations or government bodies. They can usually be spotted by looking at the subject line (an order number you don't recognise, or notification of a tax rebate) or at the sender address, which will be wrong or unfamiliar compared with the ones those organisations normally use.

However, sometimes malicious emails come from contacts we have in our address books. This week the NCA (National Crime Agency) issued a warning that we have a little under two weeks to protect our computers, and ourselves, against two powerful pieces of software: CryptoLocker and – the aptly named – GOZeuS (Zeus was not the nice God Disney would have you believe, just ask Prometheus). So far these two viruses have fraudulently transferred millions of pounds into the accounts of cyber criminals. Once they infect your computer (via a Trojan link or attachment in an email you open) they can send emails containing the same Trojan links to all of your contacts (infecting more computers) and monitor everything you do – some reports have even suggested they can gain control of your webcam…

Once infected, your PC will be joined to a network of other infected PCs known as a botnet, where your activity is monitored. What makes these viruses so profitable to the criminals is that they work together. If GOZeuS is unable to find information on your PC that will make a good enough profit, CryptoLocker takes over. CryptoLocker works by encrypting and locking your files without your knowledge, until you get a popup that is essentially ransoming your data for anywhere between £200 and £300 – what do you think the chances are that your files will actually be unlocked if you pay up? Exactly.

To keep yourself and your data safe, please take the following precautions: make sure security software is installed and fully updated on all of your PCs, run scans on each PC, check that your operating systems and applications are all up to date, and make sure you have an effective backup system in place with a good retention period.

Some warning signs to look out for include: your operating system running very slowly, unauthorised logins to accounts or unauthorised money transfers, and your cursor moving around erratically without any input from you. It has been suggested that over 15,500 computers in the UK are currently infected, so the sooner you address your security systems, the better.

However, if your PC has already been infected with CryptoLocker and GOZeuS it is too late, and this is when a good retention period on your backup system will come in handy. Even if you have to buy new PCs, you will be able to restore all of the information you backed up before your PC was infected.

If you believe you have lost money due to malware you can report your loss to Action Fraud at www.actionfraud.police.uk or call 0300 123 2040.

Potentially Malicious Emails 5/6/2014

Cryptolocker – Are you sure you’re protected?

Cryptolocker is now said to have infected over 250,000 PCs, with the UK being the second most infected country at 19%, just behind the US at 23%.

So if you back up your data offline you're safe – right? Well actually, maybe not. Read the following example of how your offsite backup may end up containing only Cryptolocker-encrypted files.

Let's say you back up everything in c:\docs.
You back up this folder twice a day, at midday and at 7pm.
It's the weekend tomorrow, and then you have a well-deserved week off.
Without you being aware, your PC has been infected with Cryptolocker. It's searching your hard drive and network shares for files to encrypt as you work.

It's the end of the day. You go home, leaving your PC on as normal.
The 7pm backup runs, but it is now backing up all of your files again, as every one of them has changed thanks to Cryptolocker's encryption.
The files are seen as updated files, so the originals are moved into retention on the offsite servers. Your backup only has a 7-day retention period!
You come back to work after a week off, only to see the Cryptolocker splash screen.
You try to restore your data, but all you can restore are Cryptolocker-encrypted files.
You select files as far back as you can, but because Cryptolocker modified every file more than 7 days ago, the good copies have already dropped out of retention and are gone!

You have to be unlucky for this to happen, but it could happen, and trust me, it has!

If you run an offsite backup account with us or with any other provider, make sure you have a long enough retention period to cover your data before it's too late. Cryptolocker will be around for some time, so please check.

So why wouldn't you just set the retention window to unlimited?

Well, let's say you have a 1 meg Word file. Let's forget about compression just to keep the maths simple.
On day one you create the file and back it up. That's 1 meg stored offline.
Every day you modify this file, so after a week you have 7 meg or more stored offline.

This continues every day. By the end of the year, your backup account could contain 365 meg or more of storage just for a one-meg file.
Obviously, you have more than one file to back up. Work the same out for all of your other files and the data stored offsite soon adds up, and so does the cost!

A retention period works by removing old copies of files. Let's say you have a 30-day retention period. In the example above you will have the original file, then the last 30 days' worth of changes to that file, meaning you're only storing 30 meg rather than 365 meg.
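As an added example (not code from the original post or from SDSL), here is a small Python model of a versioned offsite backup store with a retention window. It replays the Cryptolocker walkthrough above (infection on the Friday before the 7pm run, then ten days away) under 7-day and 30-day retention, and also counts the copies kept for the daily-edited 1 meg file from the retention sums. The file path, file contents and day numbers are constructed, and the count includes the live copy, so in this model 30-day retention holds 31 copies.

```python
class RetentionStore:
    """Toy offsite store: the live copy is always kept, superseded copies for a window."""

    def __init__(self, retention_days):
        self.retention_days = retention_days  # None = keep superseded copies forever
        self.versions = {}  # path -> list of version dicts, newest last

    def backup(self, day, files):
        """files: path -> (content, is_clean). Unchanged files get no new copy."""
        for path, (content, is_clean) in files.items():
            hist = self.versions.setdefault(path, [])
            if not hist or hist[-1]["content"] != content:
                if hist:
                    hist[-1]["superseded_on"] = day  # old copy enters retention
                hist.append({"content": content, "clean": is_clean,
                             "superseded_on": None})
        self._prune(day)

    def _prune(self, day):
        # A superseded copy expires once it has sat in retention for the full window.
        for path, hist in self.versions.items():
            self.versions[path] = [
                v for v in hist if v["superseded_on"] is None
                or self.retention_days is None
                or day - v["superseded_on"] < self.retention_days]

    def clean_copy_available(self, path):
        return any(v["clean"] for v in self.versions[path])

DOC = r"c:\docs\report.docx"  # constructed path, as in the walkthrough

def ransomware_scenario(retention_days, days_away=10):
    """Infected on Friday before the 7pm run, then a weekend plus a week off.
    Returns True if a clean copy can still be restored on the day you return."""
    store = RetentionStore(retention_days)
    docs = {DOC: (b"quarterly figures (clean)", True)}
    for day in range(1, 6):  # Mon..Fri midday runs; file unchanged all week
        store.backup(day, docs)
    docs[DOC] = (b"<constructed ciphertext>", False)  # encrypted Friday afternoon
    store.backup(5, docs)  # the Friday 7pm run captures the encrypted file
    for day in range(6, 6 + days_away):  # runs keep pruning while you are away
        store.backup(day, docs)
    return store.clean_copy_available(DOC)

def copies_after_daily_edits(retention_days, days=365):
    """One 1 meg file edited every day: how many 1 meg copies the store holds."""
    store = RetentionStore(retention_days)
    for day in range(1, days + 1):
        store.backup(day, {DOC: (b"edit %d" % day, True)})
    return len(store.versions[DOC])
```

With 7-day retention `ransomware_scenario(7)` returns False (only ciphertext left to restore), while 30-day retention still has the clean Friday-midday copy.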

We compress all files, so a 1 meg Word file would typically end up at about half that size, but that's not really the point here. The point is, you may think you're safe, but you may not be safe enough. It will only take a minute to check, or if you're an SDSL customer, call us on 0844 406 8094 and one of our technical staff will happily help you.

I hope this helps someone out there!