Worldwide alert – Over £60 million losses in GameOver Zeus Malware attacks

Alerts have have been issued by the National Crime Agency in the UK, FBI, other law enforcement agencies as far away as Australia and carried in the media and was on Sky News today. Computer users worldwide in particular those doing their banking on-line have been warned to ensure that their computer security protection is up to date.

In the UK thousands of computer users were warned today (2nd June) that they have two weeks to take action to protect their machines against a powerful computer virus used to extort millions of pounds from victims worldwide.The National Crime Agency said the two-week window had been opened after an operation led by the FBI managed to take control of servers used to control the “highly sophisticated” malicious software which has been stealing personal and financial data worldwide.

More than 15,000 machines in the United Kingdom are believed to have been infected with the virus, known as GameOver Zeus, which has been tailored by a criminal gang based in Russia and the Ukraine to search for files that will allow access to banking or financial information. The FBI believes that GameOver Zeus has been responsible for $100m (£60m) in losses.

According to FBI estimates, nearly 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m). Up to a million machines worldwide are thought to have been infected with GameOver Zeus.

Internet service providers will now contact thousands of customers believed to have been affected by Gameover Zeus, which is distributed via links or attachments in unsolicited emails, offering advice on how to update anti-virus software to disable the virus. A website set up to provide this information appeared to be offline last night.

Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.” Mr Archibald continues: “Those committing cybercrime impacting the UK are often highly-skilled and operating from abroad. The NCA and its partners are alive to the threat, and pursuing new and collaborative ways to tackle and disrupt the perpetrators.”

Tony Neate, our CEO here at Get Safe Online, also commented: “Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action. Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”

The warning comes after the FBI and agencies in 10 other countries claimed success in their efforts to crack down on the criminal gang behind the viruses by launching a simultaneous attack on servers used by the gang to control their operation.

The GameOver Zeus malware creates a “botnet”, a network of computers that spread the viruses and transfer banking information back to the gang. Information received by the criminals is then used to initiate or hijack electronic money transfers and direct money into bank accounts overseas.

The FBI said on Monday that it believed it had identified a ringleader of the gang, a Syrian-born Russian called Evgeniy Mikhailovich Bogachev, who remains at large but is now facing 14 criminal charges alleging that he is the “administrator” of GameOver Zeus. He is also accused of being a leader of the “tightly knit gang” behind CyberLocker. There were unconfirmed reports last night that one of the suspects is British.

James Cole, the US Deputy Attorney General, said: “These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt.”

From a charity worker in London to a plastics manufacturer in Pennsylvania, the victims of Gameover Zeus and CyberLocker viruses are spread across the world and from all walks of life.

The FBI said last night that it had charged a suspected ringleader of the gang behind the malware with involvement in wire fraud after $824,000 (£491,000) was taken from the bank account of Haysite Reinforced Plastics in northwestern Pennsylvania in a single day in 2011.

Neither “botnets” nor “ransomware” are new. But investigators have been taken aback by the sophistication of these particular viruses. According to research by the University of Kent, up to 40 per cent of victims of CyberLocker have decided to pay the ransom, potentially raising million of pounds for the gang.

Anti-cybercrime experts today advised computer users to update their internet security software and download a free tool to thwart the powerful viruses.

The National Crime Agency advised users to consult the Government-backed getsafeonline.org website to download the tailored anti-virus software provided by eight companies. But Get Safe Online apologised on Monday after its website crashed under the number of requests to view its content.

In a statement, chief executive Tony Neate said: “We have been overwhelmed by the interest of those trying to take action to protect themselves by visiting our page.”

The situation in Portugal is unknown but computer users are advised to view the National Crime Agency website page for advice concerning the malware attack