Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Federal Agents Bust Zeus Botnet, Cryptolocker

June 4, 2014

As USA Today reported, federal agents seized a global network of computer servers known as the Gameover Zeus botnet, used by cyber-criminals to spread malware and steal millions of dollars from businesses and consumers.

U.S. and foreign law enforcement agents, in separate actions, seized the computers that distributed the much-publicized malware known as "CryptoLocker" that freezes access to computer files until victims pay a ransom, often $700.

More than $100 million in losses were attributed to the schemes, which infected hundreds of thousands of computers, including a Massachusetts police department that paid a $750 ransom to restore its access to investigative files, digital mugshots and other administrative documents.

A 14-count indictment, unsealed Monday in Pittsburgh, charges Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, with directing Gameover Zeus. Charges include conspiracy, computer hacking, wire fraud, bank fraud and money laundering. Bogachev is charged in Omaha with conspiracy to commit bank fraud for his alleged involvement with an earlier version of the Zeus malware called "Jabber Zeus."

Court documents identify Bogachev as "Slavik," a computer nickname for a notorious leader of a tightly knit gang of cyber-criminals based in Russia and Ukraine allegedly responsible for both Gameover Zeus and CryptoLocker. The hackers allegedly used the Gameover Zeus network of infected computers to distribute CryptoLocker.

U.S. authorities are in contact with Russian officials in an attempt to secure Bogachev's arrest, though he remains a fugitive.

Gameover Zeus, also known as "P2P Zeus," is responsible for nearly 1 million infections worldwide since its first attack in September 2011. The malicious software is used to intercept online banking transactions. The software remains on the infected computers, which become part of a compromised network of computers known as a "botnet." The cyber-criminals can access computers in the botnet to retrieve compromised banking passwords or use the botnet to infect more computers.

Federal agents redirected traffic from the infected computers away from the criminals' servers and to servers controlled by Homeland Security cyber-squads (in effect, a sinkhole) so that the infected computers can be identified, the Justice Department said. Once the computers are identified through their Internet addresses, private computer security companies will help victims remove the malware.

Cryptolocker has struck many law firms – I know a lot of lawyers are applauding this takedown!

June 24 Update: Well, the smackdown worked for about two weeks – Cryptolocker is now back, along with some of its kindred ransomware buddies. Make sure you contact your IT folks to ensure that you are well protected!

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq