GOZeuS and CryptoLocker: why you have a week to protect yourself

By: John McGarvey

Date: 09 June 2014

Don't panic, but you have a week left to protect yourself and your business from an online threat called GOZeuS. That's according to official Government advice, no less.

So, what are GOZeuS and CryptoLocker? And why is the next week a critical period?

Disrupting the efforts of online criminals

You might not realise it, but there are battles happening online at this very moment.

On one side, hackers and online criminals are constantly finding new ways to steal data, pinch money and cause harm. On the other, security companies and government agencies are working to disrupt these criminal activities.

Recently, a group of organisations led by the FBI announced a significant victory. Experts have significantly disrupted the GOZeuS and CryptoLocker malware, which have been stealing people's data and holding their computers to ransom.

GOZeuS and CryptoLocker explained

GOZeuS is a piece of malicious software that can infect your PC, just like a virus. You can catch it from opening an infected email or visiting a dodgy website. It's estimated that around 15,000 computers in the UK are affected by it.

Once GOZeuS is on your computer, it attempts to hunt out valuable data that it can steal. Names, addresses, bank details, passwords ... the usual stuff. 

If it doesn't find enough information to be profitable, GOZeuS may activate CryptoLocker. This devious malware encrypts the files on your computer, locking it down so you can't access any of your own data.

You may then see a message demanding you pay a ransom (typically £300 to £500) in order to regain access. Nice, eh?

Why do the next seven days matter?

Although GOZeuS and CryptoLocker are still out there, the network of infected computers has been significantly weakened. It's currently harder for infected computers to communicate with each other.

This means now is a really good time to strengthen your online security. To draw on a somewhat overused analogy, it's better to fix the roof while the sun's shining rather than waiting for the next storm.

According to official advice, the next week is the best time to make sure your defences are in order.

So, in the next few days, why not set aside an hour to review your security procedures?

  • Scan your computer for GOZeuS. Free tools to do this are available from Symantec, F-Secure and other providers.
  • Check your security software. Is it running on all computers and servers? Is it up to date?
  • Do a full scan of your computer, too. Run a one-off deep scan using your current security software.
  • Make sure your software is up to date. Visit Windows Update and turn on automatic updates.

Finally, you might receive an email or letter from your internet service provider warning that your computer is infected. If so, don't dismiss it. As part of the work to disrupt GOZeuS, official bodies gained access to records on criminal servers and have been able to identify infected computers.

However, to be sure this isn't a fake phishing email, use the links above to go directly to GOZeuS removal tools, rather than clicking any links in the message. And call your ISP for confirmation if you have any concerns.

You can get more advice about GOZeuS on the Get Safe Online website.