The takedown earlier this week of a major malware-spewing botnet has crippled the distribution of Cryptolocker, one of the world's most sophisticated examples of ransomware, Computerworld reports today.
On Tuesday NZ time, the US Department of Justice (DOJ) revealed that it, along with law enforcement agencies in several other countries, including Australia, Germany, France, Japan, Ukraine and the UK, had grabbed control of the Gameover Zeus botnet. Criminal charges have also been filed against the alleged administrator of the botnet for targeting between 500,000 and 1 million computers and causing an estimated $US100 million in losses.
But NetSafe, which is part-funded by the Ministry of Education and InternetNZ, is warning Kiwis to stay vigilant.
Ransomware is used by hackers to remotely access a computer, then encrypt its contents. Money is demanded before the victims can regain access to their data. NetSafe and law enforcement agencies warn that most ransomware hackers operate out of eastern Europe. There is no honour among thieves, and almost no chance you'll see your files if you fork over money.
"NetSafe has dealt with numerous individuals and companies impacted by CryptoLocker ransomware since October 2013 and we were pleased to see international law enforcement targeting those behind the botnet in a coordinated effort to tackle international cybercrime," NetSafe cybersecurity programme manager Chris Hails tells NBR.
As always, NetSafe's advice is: keep your security software and all other programmes up to date and, beyond that, assume that one day you will get hit regardless — so make sure you have current, working backups.
"We are aware of several companies that have paid for their unique CryptoLocker key to recover data where they have had no option but to pay up — in some cases no backup process was in place, in others, connected drives or cloud based services have also been encrypted with one business facing the loss of more than two years' worth of data," Mr Hails says.
"The average victim has paid out around $700 to recover files but we know of one company that paid almost $9000 for Bitcoins at the peak of the cryptocurrency's trading cycle. And there is a strong possibility that paying the ransom may not result in access being restored to encrypted data."
NetSafe was contacted by one company yesterday that were in the process of paying the ransom for the return of their encrypted files last weekend. They found the network had been taken down by the law enforcement operation and are now unable to recover their data, Mr Hails says.
NetSafe, the Police National Cyber Crime Centre and InternetNZ have reminded computer users this week of the need to prepare against ransomware threats, and UK agencies have suggested there may be a two-week window before botnet infrastructure is working again. New malware is developed all the time, with recent coverage of ransomware being discovered targeting Android devices.
"Prevention is essential and companies can take advantage of resources being developed for Connect Smart which begins on Monday 16 June with coordination being led by New Zealand's National Cyber Policy Office," Mr Hails says.