Warning over computer attack as NCA leads operation to take down servers

The National Crime Agency has led a major European operation to tackle malicious software (malware) which is known to have infected tens of thousands of computers in the UK.

The Agency’s National Cyber Crime Unit (NCCU) worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol’s European Cybercrime Centre (EC3), to shut down command and control servers used by a ‘botnet’ network of infected computers.
 
One of the servers was housed in Gosport, Hampshire.
 
This botnet, named RAMNIT, spread malware via seemingly trustworthy links sent out on phishing emails or social networking websites. If users running Windows operating systems clicked on the links, the malware would be installed, infecting the computer.
 
Infected computers would then be under the control of criminals, enabling them to access personal or banking information, steal passwords and disable antivirus protection.
 
Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts.
 
Analysis is now taking place on the servers and an investigation is ongoing.
 
Steve Pye from the NCA’s National Cyber Crime Unit said:
 
“Through this operation, we are disrupting a cyber crime threat which has left thousands of ordinary computer users in the UK at risk of having their privacy and personal information compromised.
 
“This malware effectively gives criminals a back door so they can take control of your computer, access your images, passwords or personal data and even use it to circulate further spam messages or launch illegal attacks on other websites.
 
“As a result of this action, the UK is safer from RAMNIT, but it is important that individuals take action now to disinfect their machines, and protect their personal information.”
 
The operation to take down RAMNIT was co-ordinated by the Joint Cybercrime Action Taskforce (J-CAT) based at Europol’s European Cybercrime Centre (EC3).
 
Europol was alerted to RAMNIT by Microsoft, after data analysis showed a big increase in infections.
 
J-CAT was launched in September 2014 and involves law enforcement agencies from across Europe plus Canada and the United States to share intelligence and expertise on cross-border cyber crime. Initially a six-month pilot project, the Taskforce will continue to make an important contribution to international operations to combat cyber crime.
 
Andy Archibald, Deputy Director of the National Cyber Crime Unit, and Chair of J-CAT, added:
 
“Strong international cooperation is crucial to success in tackling the major cyber crime threats facing the UK and its partners.
 
“This operation is a further demonstration of the value J-Cat is adding to our efforts to disrupt criminal infrastructures, and ensure the UK is a safe place to interact and do business online.”

Disinfect your computer

The NCA is now advising people to check whether their computer has been infected. by downloading specialist disinfection software, which is available free of charge at CyberStreetWise or GetSafeOnline.
 
The disinfection tools will identify whether a computer has been infected and, if so, disinfect it. The tool will cause no harm if used on computers that have not been infected. Those whose computers have been affected should then change passwords on banking, email, social media and other potentially sensitive online accounts.

As well as disinfection tools you can also find tips and information on staying safe online. Most malware can usually be avoided by following the basics:

– having up-to date security (anti-virus) software installed on all devices

– not opening links within emails from unknown or suspicious sources

image:axon-it