Staying secure against Gameover and CryptoLocker

Gameover, also known as Gameover Zeus, Zeus, or Zbot, has been back in the news with headlines suggesting infected users have a small window of opportunity to remove this malware before the criminals’ botnet is reactivated.

Sophos customers have been protected since Gameover (Zbot) and CryptoLocker first came to light. Our free Sophos Virus Removal Tool can help identify and clean up any infected computers.

The threat

Law enforcement officers have taken down the botnet command and control servers that were behind the notorious Gameover malware. Gameover was used to steal banking credentials, infect victims with the CryptoLocker malware and more.

The servers will undoubtedly get rebuilt — they are too lucrative for the cybercriminals to drop — but in the meantime there is a short window for users to remove existing infections and make sure they are protected in the future.

For detailed information on these threats read our Naked Security article.

What to do if you are infected

Our FREE Sophos Virus Removal Tool is here to help. It detects and cleans up malware, including Gameover and CryptoLocker,* and you don’t have to uninstall your existing anti-virus first.

*Unfortunately, decrypting data that’s already been encrypted by CryptoLocker is much harder.

Sophos customers are already protected

Sophos has been detecting and blocking Gameover (Zbot) and CryptoLocker since their inception, keeping our customers secure. We protect at both the endpoint and the network for total security:

  • Sophos Endpoint Protection — the threat prevention engine that powers all our endpoint solutions — automatically blocks devices from getting infected, and customers are given additional protection with live lookups, suspicious file protection, runtime protection, web filtering and more.
  • Sophos Email Protection stops malicious emails (one of the main ways CryptoLocker is distributed) from reaching your end users.
  • Sophos Web Filtering prevents malware like Gameover and CryptoLocker from being downloaded from infected legitimate sites. It also stops the malware from connecting back to the cybercriminals, which can prevent the malware from delivering its payload (for example, stopping it from encrypting user data in the case of ransomware).
  • Built-in rootkit detection in Sophos Endpoint products helps reduce your exposure to new kernel-level rootkit variants of Gameover that make detection and removal harder.
  • Sophos UTM secures networks against advanced threats like Gameover with multi-layered protection including antivirus, Intrusion Prevention System (IPS) and UTM 9.2’s new Botnet and Command and Control server detection. Watch a short video on how we do it. Take a free trial today.

Tips to stay secure

Here are our top tips to keep your organization secure against Gameover, CryptoLocker and other threats:

1. Make sure you are running up-to-date endpoint security software and that it is enabled.

2. Ensure your computer is up to date and fully patched: not just your operating system, but your web browser and third-party applications like Java too.

3. A lot of malicious code is distributed via links in emails or social media messages, so don’t click suspicious links or open suspicious attachments in email; better still, use email filtering.

4. Use web filtering to prevent you from browsing to websites infected with malicious code – 80% of infected websites are legitimate sites that have been compromised.

5. If you’re worried you aren’t secure, or think you may be infected, run a scan with a tool like the Sophos Free Virus Removal Tool, which will detect and remove malicious code like Gameover.

6. Keep regular backups of your important files and, if you can, store them offline, where they can’t be affected in the event of an attack on your active files.

7. Protect yourself on the network as well as the endpoint. Some malware, such as CryptoLocker, requires a network connection. Network security can pick up the attempt to access the command and control server and block it. The malware will still be on your system, but it won’t enable the nasty payload that encrypts all your information. Network security also helps you cover systems where endpoint security is not installed (such as that printer running Windows XP you might have).

Threat deep-dive

SophosLabs, our global network of threat researchers, has deep expertise in these types of malware. We have a number of free resources if you’d like to learn more:

Sophos Free Virus Removal Tool