Technologist - The FindLaw Legal Technology Blog

Feds Take Down Gameover Zeus Botnet and Cryptolocker, For Now

Evgeniy Mikhailovich Bogachev.

Meet the man at the top of the FBI's Cyber Most Wanted list who, along with his associates (also on the list), is charged with running two of the most damaging pieces of malware in recent memory: Cryptolocker and Gameover Zeus, as well as JabberZeus, an earlier and less sophisticated Zeus variant.

Yesterday, the Justice Department unsealed the criminal cases in Nebraska and Pennsylvania against the yet-to-be-apprehended man and his cohorts, accusing them of pilfering millions through stolen information and ransomware.

Cryptolocker

Ransomware is, in a way, pretty brilliant. The victim's computer is locked down and a message appears on the screen threatening to destroy everything unless a ransom is paid.

Often, the messages appear to come from law enforcement agencies and demand immediate payment of a "criminal fine." The more sophisticated variants even localize the screen, showing the logo of whichever police force matches the victim's country.

Cryptolocker was widely reported to be the most sophisticated variant yet. Rather than merely locking the screen, it encrypted the victim's documents with a strong public-key scheme and kept the only decryption key on the attackers' servers, so the files could not be recovered without paying or restoring from a backup. It hit everything from individuals to police departments and even law firms. Ransomware has since reached mobile phones as well, though Cryptolocker itself infected only Windows machines.
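
The reason "just remove the virus" does not get the files back is the key arrangement. Cryptolocker used a hybrid scheme: each file is encrypted with a fresh symmetric key, and that key is in turn encrypted under an RSA public key whose private half never leaves the criminals' server. The Go program below is an added illustration of that model written for this post; it is not Cryptolocker's code, and the key sizes, the AES-GCM mode and the sample document are assumptions chosen for the example. It shows that a second private key, even one of the same size, cannot unwrap the file key, while the attacker's private key can.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is what a Cryptolocker-style program leaves behind in place
// of each document: the ciphertext, the AES-GCM nonce, and the per-file AES
// key wrapped under the attacker's RSA public key. Nothing in this struct
// lets the victim recover the plaintext without the attacker's private key.
type EncryptedFile struct {
	WrappedKey []byte // 256-bit AES key, RSA-OAEP encrypted to the attacker's public key
	Nonce      []byte
	Ciphertext []byte
}

// lockFile models the infection step. Only the public half of the key pair
// ever reaches the victim's machine, which is the whole trick: the malware
// can encrypt everything it finds, and nothing left on disk or in memory
// afterwards can decrypt it.
func lockFile(attackerPub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32) // fresh AES-256 key for this file (assumed size)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Wrap the file key so that only the holder of the private key can unwrap it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, attackerPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// unlockFile models what the victim buys with the ransom: the attacker's
// private key unwraps the file key, and the file key decrypts the file.
// With any other private key the OAEP unwrap fails and nothing is recovered.
func unlockFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048) // lives only on the criminals' server
	doc := []byte("constructed sample document: client ledger, Q2") // made-up content
	locked, _ := lockFile(&attacker.PublicKey, doc)

	// The victim holds the ciphertext and the wrapped key, but no private key.
	stranger, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := unlockFile(stranger, locked); err != nil {
		fmt.Println("without the attacker's private key:", err)
	}
	out, _ := unlockFile(attacker, locked)
	fmt.Printf("with it: %q\n", out)
}
```

The practical consequence for a defender is that there is no "fix" for an encrypted file; the only reliable recovery is a backup the malware could not reach.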

Our favorite Cryptolocker story has to be the alleged pedophile whose computer, full of child pornography, was locked up by the malware. He went to the police station, asked about outstanding warrants, and then consented to a search.

Gameover Zeus Botnet

The Gameover Zeus botnet, on the other hand, was more proactive: instead of asking victims to pay a ransom, it took the money directly. The malware, a peer-to-peer variant of the Zeus banking trojan, captured online-banking credentials from infected machines (including by injecting fake fields into bank web pages), and the crew used them to push fraudulent wire transfers. Haysite Reinforced Plastics, the sole victim named in the indictment, lost roughly $824,000 in a single day. The same botnet was also the main distribution channel for Cryptolocker, which is why the two were taken down together.

Botnets, generally, are networks of infected computers that can be controlled remotely through command-and-control infrastructure, either to steal information or to launch coordinated actions, such as flooding a server with thousands of requests at once (a Distributed Denial of Service, or DDoS, attack). Gameover Zeus was harder to kill than most because its bots relayed commands to each other peer-to-peer instead of relying on a handful of central servers that could simply be seized.

Is it Over?

Probably not. The FBI, DHS, DOJ, foreign law-enforcement agencies, and private security companies worked together to disrupt both of Bogachev's schemes. They did it by seizing command-and-control servers and redirecting infected computers to servers under government control (a "sinkhole"), which cuts the bots off from their operators but does not remove the malware from the victims' machines.

However, he's still on the loose, and according to the BBC, the UK's National Crime Agency (NCA) is warning users that they have about "two weeks" before the criminals are likely to have the botnet up and running again.

The U.S. Computer Emergency Readiness Team (US-CERT) has posted instructions for dealing with Gameover Zeus and Cryptolocker, which basically boil down to common sense: don't open attachments in unexpected emails, keep your operating system and antivirus up to date, and back up files regularly to somewhere the malware can't reach (Cryptolocker also encrypted files on mapped network drives).
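
For anyone running a network rather than a single PC, there is one more check worth knowing about. With its peer-to-peer network poisoned and its servers seized, a bot like Gameover Zeus falls back to a list of algorithmically generated domain names, trying each one in the hope that its operators have registered it. Almost none of those names exist, so an infected machine shows up in DNS logs as a burst of "NXDOMAIN" answers for names no human would type. The Go program below is an added example written for this post, not a tool from US-CERT or the takedown partners: it scans a small constructed resolver log (made-up addresses and names), keeps only NXDOMAIN answers for long, high-entropy names, and flags clients with many distinct such misses. The log format, the entropy and length cut-offs, and the threshold are all assumptions for the example.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
)

// sampleLog is a constructed resolver log for the example, one query per line:
// <timestamp> <client IP> <queried name> <response code>. Hosts and names
// are made up; they are not captured data.
var sampleLog = []string{
	"2014-06-03T10:01:02Z 10.0.0.5 qzkvbnxwrtlp.com NXDOMAIN",
	"2014-06-03T10:01:02Z 10.0.0.5 hmyodsjcgufe.net NXDOMAIN",
	"2014-06-03T10:01:03Z 10.0.0.5 xtcqrlvabknw.org NXDOMAIN",
	"2014-06-03T10:01:03Z 10.0.0.5 qzkvbnxwrtlp.com NXDOMAIN", // retry: counted once
	"2014-06-03T10:01:04Z 10.0.0.5 pjgwmeyhsoud.biz NXDOMAIN",
	"2014-06-03T10:01:04Z 10.0.0.5 vbzlkqtrxnmc.info NXDOMAIN",
	"2014-06-03T10:01:05Z 10.0.0.5 fdusgoyhajwe.ru NXDOMAIN",
	"2014-06-03T10:01:05Z 10.0.0.5 intranet.example.com NOERROR", // resolved: ignored
	"2014-06-03T10:01:06Z 10.0.0.9 www.example.com NOERROR",
	"2014-06-03T10:01:07Z 10.0.0.9 exmaple.com NXDOMAIN", // typo: too short to count
	"2014-06-03T10:01:08Z 10.0.0.9 examlpe.net NXDOMAIN", // typo: too short to count
}

// shannonEntropy returns the entropy of a label in bits per character.
func shannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// looksGenerated is a deliberately loose lexical filter: a long, high-entropy
// registrable label. It only drops typos and short internal names from the
// count; on its own it is not a DGA classifier, and the cut-offs are assumed.
func looksGenerated(name string) bool {
	labels := strings.Split(strings.ToLower(name), ".")
	if len(labels) < 2 {
		return false
	}
	// Simplification: treat the label left of the TLD as the registrable part.
	// That is wrong for suffixes such as co.uk; a real tool would consult the
	// public suffix list.
	sld := labels[len(labels)-2]
	return len(sld) >= 8 && shannonEntropy(sld) >= 3.0
}

// nxdomainBursts returns, for every client that received at least threshold
// NXDOMAIN answers for distinct generated-looking names, that client's count.
// A real detector would also window by time; this one treats the whole log as
// one window.
func nxdomainBursts(lines []string, threshold int) map[string]int {
	seen := map[string]map[string]bool{} // client -> set of failed names
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) != 4 || f[3] != "NXDOMAIN" {
			continue
		}
		client, name := f[1], f[2]
		if !looksGenerated(name) {
			continue
		}
		if seen[client] == nil {
			seen[client] = map[string]bool{}
		}
		seen[client][name] = true
	}
	flagged := map[string]int{}
	for client, names := range seen {
		if len(names) >= threshold {
			flagged[client] = len(names)
		}
	}
	return flagged
}

func main() {
	flagged := nxdomainBursts(sampleLog, 5)
	clients := make([]string, 0, len(flagged))
	for c := range flagged {
		clients = append(clients, c)
	}
	sort.Strings(clients)
	for _, c := range clients {
		fmt.Printf("%s: %d distinct NXDOMAIN names; check for Gameover Zeus-style fallback\n", c, flagged[c])
	}
}
```

On the constructed log only 10.0.0.5 is flagged, with six distinct misses; the two typos from 10.0.0.9 are filtered out. The volume of distinct failures per host is the signal; the lexical filter is there just to keep ordinary mistakes out of the count. After a sinkhole is in place there is an even simpler tell: any internal host connecting to the published sinkhole addresses is infected.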

It's also worth noting that, despite news outlets describing Russian authorities as "cooperative," Russia's constitution bars the extradition of its own citizens, so even genuine cooperation would not put Bogachev in a U.S. courtroom. (Compare the Edward Snowden standoff.)
