Gameover Zeus and Cryptolocker: how to protect yourself

Jun 4, 2014

Security advice site remains offline 24 hours after revelation of Gameover Zeus cyber threat

Patrick Lux/Getty Images

More than 24 hours after people were told they have just two weeks to protect themselves against an online security threat known as Gameover Zeus, the government website that provides internet safety advice remains offline.

Police in the US and Europe said on Monday that they had disrupted two major online crime sprees that are thought to have netted hundreds of millions of dollars since they began in 2011. Two pieces of malicious software, or malware, known as Gameover Zeus and an associated viral scam known as Cryptolocker were taken offline.

Within hours of the announcements, the UK government's GetSafeOnline website had collapsed under the weight of traffic, and it has yet to provide a stable service. After the site went down, administrators tweeted that they were working to restore the service.

But a day later, the website is still offline.

In the absence of the official site, the government service has issued further advice via its Twitter account. Tips to web users concerned about their online safety include:



Further advice can be found at

What are Gameover Zeus and Cryptolocker?

Gameover Zeus is a form of malware that uses "spear-fishing" or fake emails to infect target computers with a virus. Once infected, hackers are able to "hijack computer sessions and steal confidential and personal financial information" to funnel money overseas, according to US Attorney for the Western District of Pennsylvania, David Hickton.

The Cryptolocker virus works slightly differently, ABC news reports. When Gameover Zeus cannot locate any financial information on a computer, some strains of the malware will install Cryptolocker – a "ransomware" program that locks a user's machine until a fee is paid, according to the BBC.

The FBI said that it believes Gameover Zeus could be responsible for "financial losses in the hundreds of millions of dollars".

What is being done?

American and European authorities say they have now cracked both threats, with simultaneous raids on servers all around the world, the BBC reports.

"The scale of this operation is unprecedented," said Steve Rawlinson from Tagadab, a web hosting company involved in the raid. "This is the first time we've seen a co-ordinated, international approach of this magnitude, demonstrating how seriously the FBI takes this current threat".

The operation has involved police taking control of a number of servers to prevent criminals from distributing the Gameover Zeus malware. But police warned that there would only be a two-week window of security after which hijackers may move their operations elsewhere.

What should I do?

The UK-based GetSafeOnline, a government-backed organisation has published a list recommendations for users to secure their computers. "This warning is not intended to cause you panic," the organisation said on its website, "but we cannot over-stress the importance of taking these steps immediately".

Security tips from GetSafeOnline
  • Install security software from GetSafeOnline's Facebook and Google+ profiles. The free tools will scan your computer to see if you are infected with Gameover Zeus and CryptoLocker, and remove them if necessary.
  • Never open attachments unless you are totally confident they are authentic.
  • Keep your internet security software up to date.
  • Update your Windows operating system with all new Microsoft updates
  • Back up your personal files regularly, including photos, documents, music, contacts and notes.
  • Never store your passwords on your computer so they cannot be accessed by malware programs
How well have the authorities reacted?

GetSafeOnline has been criticised for the performance of its website, which collapsed under the weight of people trying to access the site. "For many hours it was inaccessible," write BBC technology correspondent Rory Cellan-Jones. "A massive siren had been set off, people were running in all directions, but nobody was telling them where they should be heading."

Sign up for our daily newsletter

Disqus - noscript

shame on the russian hacker. we know exactly how to remove cryptolocker and decrypt the files back to normal. Alpha Digital Systems. Southall

It's a two way encryption, you need the private key to decrypt cryptolocker after it's taken hold. Nothing short of a brute force will let you get that key by any means other than being given it from elsewhere.

I can decrypt the files even after removing cryptolocker. Not needing any keys. Have software which can reverse it back to the date before it was infected. I have done a few customer computers last month. Including a nursery who had all her earnings and expenditure files encrypted. But we got it decrypted.

Even after paying it will not decrypt at times. Anyone who wants it to be decrypted. Then we can do it

Lying scumb@g! NO YOU CAN'T.
ATTN: EVERYONE: baz is out to take your $$$!

How can i scam you idiot? Please note that no payment is required untill you have checked that files open normally as it should. And we are a proper retail shop in london who carry out the work instore. Thank you.