International effort shuts down Gameover Zeus, Cryptolocker

By Erin Ayers on June 4, 2014

United States and foreign officials this week came together in a coordinated effort to end the campaign of cyber-terror being waged by criminals via two exceptionally damaging threats known as Gameover Zeus and Cryptolocker.

According to the U.S. Department of Justice, Gameover Zeus, also known as P2PZeus, has stolen millions of dollars from businesses and consumers via wire transfers from the victims’ bank accounts to criminally-controlled accounts. The malicious software silently infects computers, stealing financial information and adding the computers to a global “botnet” that the officials called “the most sophisticated and damaging botnet we have ever encountered.” The infected computers are controlled remotely through a decentralized command system, according to the officials. “Zeus” refers to a collection of bank-information-stealing malware.

“This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data,” said Deputy Attorney General James M. Cole. “We succeeded in disabling Gameover Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world.”

“The borderless, insidious nature of computer hacking and cybertheft requires us to be bold and imaginative,” said U.S. Attorney David J. Hickton of the Western District of Pennsylvania. “We take this action on behalf of hundreds of thousands of computer users who were unwittingly infected and victimized.”

“Security researchers estimate that between 500,000 and 1 million computers worldwide are infected with Gameover Zeus, and that approximately 25 percent of the infected computers are located in the United States,” stated Cole. He explained that an Eastern European cybercrime gang has been identified as the mastermind of the scheme and that Evgeniy Mikhailovich Bogachev, a Russian national, was indicted this week in a Pittsburgh federal court for his role as a Gameover administrator.

Cryptolocker functions by installing malicious “ransomware” on target computers, locking down the users’ files until they pay the criminals to relent. The complaint against Bogachev noted that the ransom amount can range up to $750 or more.

Cole said, “Once it infects a victim’s computer, Cryptolocker encrypts its files and displays a ransom note on the screen, instructing victims to pay hundreds of dollars – typically in the cryptocurrency Bitcoin – to receive a password to decrypt their files. As of April 2014, Cryptolocker had attacked more than 200,000 computers, and more than half of those attacks occurred here in the United States. In its first two months of operation alone, it has been estimated that the criminals behind Cryptolocker collected over $27 million in ransom payments from victims seeking to get access to their files back.”

Cole reported that United States officials worked with private sector security and technology companies, as well as law enforcement from Australia, the Netherlands, Germany, Japan, France, Italy, Luxembourg, New Zealand, Canada, Ukraine and the United Kingdom to take down the criminals. The UK’s National Crime Agency has launched a website to help consumers protect themselves against Gameover Zeus and Cryptolocker and verify whether their computers have been infected with the malware.

“The Gameover Zeus botnet affects victims around the world and rests on cyber infrastructure set up by the criminals in a half dozen countries,” said Cole. “So our success has depended heavily on our close coordination with our law enforcement counterparts around the world. And we have worked extremely well with private sector industry leaders, who provided needed assistance to identify and research malware, and to pinpoint and fix the software vulnerabilities that the criminals have exploited. This flexibility, and these combinations – of traditional and innovative legal and technical tools, and of multi-national and multi-stakeholder partnerships – are what is required to combat modern cyber threats like Gameover Zeus and Cryptolocker.”

erin.ayers@zywave.com

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].