Today’s Guardian provides the headline, Global police operation disrupts aggressive Cryptolocker virus. The big problem here is that word “disrupts”.
The Gameover Zeus/Cryptolocker “solution” infects computers with a special breed of ransomware (that’s Ransom-Ware) that encrypts the system’s hard drive and then demands payment to unencrypt it. By encrypting the disk witha key unknown to the owner the software essentially prevents anyone but the hacker from accessing it. Most “deployments” of Cryptolocker get onto computers when the owner opens an e-mail attachment that the Windows operating system then dutifully runs as a program.
The thing about the recent police raid on the people who have been running attacks using Cryptolocker and its kin since 2009 is that it is only a holding action. The threat will return, and quickly. The quoted estimate from authorities is a mere two weeks.
Get Safe Online is a web site linked to in the Guardian piece that provides links to advice and tools from anti-malware vendors like Symantec, F-Secure, Kaspersky, Sophos and Microsoft. When I accessed it the site was responding very slowly.
What I’d encourage everyone out there who uses a computer (and that’s pretty much everyone in the industrialized world) to do is to go to that site and start reading.
Also go over to Krebs on Security and read related articles like yesterday’s ‘Operation Tovar’ Targets ‘Gameover’ ZeuS Botnet, CryptoLocker Scourge. Krebs has lots of articles that give practical advice on how to defend yourself against these kinds of threats, suchjas How to Avoid Cryptolocker Ransonware, as well as others.
The thing about malware defense is that it’s a moving target. It’s hard work to keep yourself safe. What comes to mind is the old saw, “eternal vigilence is the price of liberty”. For most people that’s going to mean a lot more reading on security subjects and less time playing Farmville.
Technology professionals like system administrators and network analysts need to up their game as well. It’s time to get… professional. If there was ever a time to start asking management for access to resources like those offered by the SANS Institute (see their Computer-Security-Training.com), it is now. Company executives expect us all to be experts in this stuff, and yet never seem to ask why we’re not expensing for any formal training in it. Kind of like having someone in to review your corporate taxes who shows no evidence of having earned any kind of accounting degree.