The UK’s National Crime Agency (NCA) is warning of a powerful Cyber attack that has already affected hundreds of thousands of computers and stolen hundreds of millions of pounds to date. The sophisticated attack comes in the form of two complex and well written pieces of malicious code that target financial transactions. They sit silently on your computer (currently only the Windows Operating System is affected) until you make a financial transaction then the first virus, Game Over Zeus, springs to life capturing the details and sending them back to an organised criminal gang. The second virus, CryptoLocker, encrypts files on computers and demands a ransom of £200 – £300 before they can be decrypted for normal use.
The NCA has worked closely with the FBI in disrupting the gang who are responsible and their lines of communications. They have arrested a Russian National who is thought to be the ringleader but warn that it may be as little as two weeks before they are able to regroup and continue with online crimes. During this period it is advised that online users have the latest security updates and Anti Virus updates installed, and conduct a scan of their computers to ensure they are free of infections. Additionally, to guard against CryptoLocker, files should be backed up regularly to a separate device such as an external USB drive. These actions should be standard practice but are even more critical over the coming period. Further free online advice can be found here at getsafeonline.org/nca
While this advice applies equally to home and corporate users, it’s easier said than done to scale across many thousands of corporate computers. Organisations can implement controls within Microsoft Group Policy and at an infrastructure level to implement defence in depth – in other words minimise the likelihood of a successful attack in the first place. Regency can help assess your technical architecture and recommend a series of controls that minimise risk cost effectively, starting with technology you already have. Why not give one of our experienced consultants a call to discuss how we could help?