Every new malware scare has some IT pros running to the hills and two nasty pieces of malware have reared their ugly heads again - Cryptolocker and Gameover Zeus.
Dangerous and indiscriminate in whom they target, many businesses and homes ended up in a right fix.
While these exploits have been around long enough that they should have been vanquished by now, there are machines that are still infected, new ones are being attacked, and many in business and IT systems remain vulnerable.
In the beginning of June, government security agencies around the world warned businesses to batten down the security hatches – and to use a two-week window to boost protection on their networks – after the authorities seized some systems that were distributing the malware. A brief respite!
Of course it will not take long for these kinds of attacks to reemerge, and while we are in a bit of a Cryptolocker/Gameover lull, these are sure to some back with a vengeance, likely in a modified form.
Today the impact of these types of exploits on networks is worse than ever, depending upon who you are. There are two tiers of IT.
On one hand, you have less experienced computer professionals afraid these malicious applications will cost their organisations gazillions from extortion or theft of sensitive information, but don’t really know what to do.
On the other, more experienced IT people are likely to have all they security measures they need in place.
No matter which group you are in, you cannot lower your guard. At the end of the day, the biggest risk is an employee clicking on a link in an email.
Like most types of malicious software, Cryptolocker and Gameover aren’t altogether new. In fact, these attacks tend to build on attacks used in the past. This makes it that much easier to launch an attack, so easy that you no longer have to be highly skilled to be a successful hacker.
In fact, Gameover Zeus has been around in one form or another for some five years.
The good news is standard good security practices and top security tools can ward off Cryptolocker, just as they’ve been warding off hackers and malware for years.
Here’s how these two scourges work...
Cryptolocker is an attack aimed at extorting money from its victims. “Pay a ransom, or your information is encrypted for good” style attacks. Written by Evgeniy Bogachev, it is designed to take over computers, encrypt the data, and only provides the key to decrypt the data once money has been paid.
The typical fee for a PC user? Around $650 paid via Bitcoin. So far, about a quarter of a million machines have been infected.
Gameover Zeus is pure theft, digitally diverting a company’s money to the hackers’ overseas accounts. And the attacks succeed when end users fail to exercise caution, and click on links or attachments in email.
Once they get rolling, these types of attacks tend to be widespread and the malware does real damage to unprotected networks and naïve end users.
Here’s how you can fight exploits such as Cryptolocker:
· Keep all operating systems and applications patched, including Java and Adobe web software.
· Block users from downloading .EXE files
· Maintain at least two tiers of backup, and make sure it is strongly encrypted.
· Train users not to open unknown attachments, open or respond to spam, and to beware of phishing attempts.
· Make sure your anti-malware software is up to date, and that it uses multiple scanning engines and multiple filtering technologies based on file type or content, among others.
If you suspect that a machine or many machines may have been infected, disconnect it/them from the network immediately and then take the necessary steps to clean the infection. Also advise employees to follow security best practice and if they have any doubts about emails coming in, they are to inform IT or delete them.
Malware has and will always be a challenge for IT pros. It’s a cat and mouse game between two highly technical camps. The advantage for malware writers and the bad guys is that they have an unwilling ally in employees who, unwittingly, fall prey to these attacks.
That doesn’t mean they cannot be stopped. Education, proper security measures, a healthy dose of common sense and best practices will go a long way toward preventing an organisation from becoming a victim of extortion and theft.
By Doug Barney - GFI Software