National Crime Agency Issues Malware Warning

This action will give the UK public a two-week opportunity to remove the GOZeuS and CryptoLocker malware and safeguard themselves against it. Intelligence suggests the malware currently infects around 15,000 machines.

Members of the public are urged to ensure that security software is installed and updated, by running scans and checking that computer operating systems and applications are up to date.

It is expected that disrupting the system the infected machines use to communicate with each other (and the criminals controlling them) will significantly reduce the malware’s effectiveness.

Businesses are encouraged to test their incident response and to do all they can to educate employees on the potential threat. Ensuring that full back-ups are taken and tested is also imperative, as this is the only way that the data from infected machines can be salvaged.

Get Safe Online is providing advice, guidance and tools at to help people understand more about the malicious software and how to protect themselves. A number of security companies have supplied remediation tools, which can be accessed via Get Safe Online, to help clean up infected machines.

Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.

“Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action. Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it, and think twice before clicking on links or attachments in unsolicited emails.”

“Those committing cyber crime impacting the UK are often highly-skilled and operating from abroad. To respond to this threat, the NCA is working closely with law enforcement colleagues all over the world, and developing important relationships with the private sector.”

CryptoLocker and GOZeuS

The majority of infections have been caused by users innocently clicking on attachments or links in emails which seem to originate from genuine contacts.  Typically they seem to include invoices, statements, voicemail messages, or other files made to look innocuous.  The emails are actually sent by the computers of other victims who likely do not realise they are infected – these computers send mass emails with the aim of ensnaring more victims.

When the file or link is clicked on an unprotected computer, GOZeuS is downloaded and installed. This links the victim’s computer to a network of already-infected machines, known as a BotNet.

The malware monitors the user’s activity with the aim of capturing banking or other valuable private information, which it then transmits to the criminals via the BotNet.

If an infected computer does not seem to offer a significant financial gain, CryptoLocker provides a second opportunity to extract funds from the victim.  This again works unseen in the background and proceeds to encrypt the user’s files.

Once the files are encrypted, a pop-up appears informing the user that they are infected and showing a timer which starts counting down. This countdown shows the time the victim has to pay a ransom, which is currently one Bitcoin (around £300) for UK users.

To ensure that you are fully protected and for an information guide to pass to your users to educate them about the risk, contact Akita today on 01732 762675 or email