Site icon Sophos News

Staying secure against Gameover and CryptoLocker

gameover

Staying secure against Gameover and CryptoLocker

Gameover, also known as Gameover Zeus, Zeus or Zbot, has been back in the news with headlines suggesting infected users have a small window of opportunity to remove this malware before the criminal’s botnet is reactivated.

Sophos customers have been protected since Gameover (Zbot) and CryptoLocker first came to light. Our free Sophos Virus Removal Tool can help identify and clean-up any infected computers.

The threat

Law enforcement officers have taken down the botnet command and control servers that were behind the notorious Gameover malware. Gameover was used to steal banking credentials, infect victims with the CryptoLocker malware and more.

The servers will undoubtedly get rebuilt — they are too lucrative for the cybercriminals to drop — but in the meantime there is a short window for users to remove existing infections and make sure they are protected in the future.

For detailed information on these threats read our Naked Security article.

What to do if you are infected

Our FREE Sophos Virus Removal Tool is here to help. It detects and cleans up malware, including Gameover and CryptoLocker*, and you don’t have to uninstall your existing anti-virus first.

* Unfortunately decrypting data that’s already been encrypted by CryptoLocker is much harder.

Sophos customers are already protected

Sophos has been detecting and blocking Gameover (Zbot) and CryptoLocker since their inception, keeping our customers secure.  We protect at both the endpoint and the network for total security:

Take a free trial of Sophos solutions today

Tips to stay secure

Here are our top tips to keep your organization secure against Gameover, CryptoLocker and other threats:

  1. Make sure you are running up-to-date endpoint security software and that it is enabled.
  2. Ensure your computer is up to date and fully patched. Not just your operating system but your web browser and third party applications like Java too.
  3. A lot of malicious code is distributed via links in emails or social media messages so don’t click on suspicious links or attachments in email, even better use email filtering.
  4. Use web filtering to prevent you browsing to websites infected with malicious code – 80% of infected websites are legitimate sites that have been compromised.
  5. If you’re worried you aren’t secure, or think you may be infected, run a scan with a tool like the Sophos Free Virus Removal tool which will detect and remove any nasty code like Gameover.
  6. Keep regular backups of your important files and if you can, store them offline, where they can’t be affected in the event of an attack on your active files.
  7. Protect yourself on the network as well as the endpoint. Some malware, such as CryptoLocker, requires a network connection. Network security can pick up the attempt to access the command and control server and block it. The malware will still be on your system but it won’t enable the nasty payload that encrypts all your information. Network security also helps you cover systems where the endpoint security is not installed (such as that printer running Windows XP you might have).

Threat deep-dive

SophosLabs, our global network of threat researchers, are experts in these types of malware. We have a number of ungated resources if you’d like to learn more:

Exit mobile version