Law enforcement agencies disrupt Gameover Zeus botnet

Two U.S. courts unseal charges related to the giant botnet and the Cryptolocker ransomware

The U.S. Department of Justice, working with law enforcement agencies in other countries, revealed Monday a multinational effort to disrupt Gameover Zeus, a 2-year-old botnet employing an estimated 500,000 to 1 million compromised computers.

Two U.S. courts, meanwhile, have unsealed criminal charges against the alleged administrator of the giant Gameover Zeus botnet. The FBI estimates that Gameover Zeus, which targets banking credentials and other personal information, is responsible for more than US$100 million in losses.

In a separate but related action, U.S. and foreign law enforcement officials worked together to seize computer servers central to the malware known as Cryptolocker, a form of ransomware that encrypts files on victims' computers until they pay a ransom, the DOJ said.

"This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data," Deputy Attorney General James Cole said in a statement.

In the Gameover Zeus case, a grand jury in Pittsburgh has unsealed a 14-count indictment against Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, the DOJ announced Monday. The grand jury charged him with conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as an administrator of Gameover Zeus.

Bogachev was also charged by criminal complaint in Omaha, Nebraska, with conspiracy to commit bank fraud related to his alleged involvement in the operation of a prior variant of Zeus malware known as Jabber Zeus.

"Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt," FBI Executive Assistant Director Robert Anderson Jr. said in a statement. "The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government."

In a separate civil injunction application filed in Pittsburgh, Bogachev is identified as the alleged leader of a tightly knit gang of cybercriminals based in Russia and Ukraine responsible for the development and operation of both the Gameover Zeus and Cryptolocker schemes.

A law enforcement investigation identified the Gameover Zeus network as a common distribution mechanism for Cryptolocker, the DOJ said.

Unsolicited emails containing an infected file purporting to be a voicemail or shipping confirmation are also widely used to distribute Cryptolocker. When opened, those attachments infect victims' computers. Bogachev is alleged in the civil filing to be an administrator of both Gameover Zeus and Cryptolocker.

Law enforcement agencies from several countries also participated in efforts to disrupt Gameover Zeus and Cryptolocker.

The U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) has published a website to help victims of Gameover Zeus remove the malware.

In addition to the criminal charges announced Monday, U.S. law enforcement agencies have obtained civil and criminal court orders in Pittsburgh authorizing them to redirect the automated requests by victim computers away from the criminal operators to substitute servers established by investigators.

The order authorizes the FBI to obtain the Internet Protocol addresses of the victim computers reaching out to the substitute servers and to share that information with US-CERT, other countries' computer security agencies and private companies in an effort to assist victims of Gameover Zeus, the DOJ said. The FBI and other law enforcement agencies have not accessed the content of victims' computers or their electronic communications, the DOJ said.

Participating in the disruption operation were law enforcement agencies from Australia, the Netherlands, Germany, France, Italy, Japan, Canada, the Ukraine, the U.K. and other countries, the DOJ said.

In addition to the disruption operation against Gameover Zeus, the DOJ led a separate multi-national action to disrupt Cryptolocker, which began appearing about September 2013. The malware forces victims to pay as much as $700 to receive the keys necessary to unlock their files, the DOJ said.

By April, Cryptolocker had infected more than 234,000 computers, with approximately half of those in the U.S., the DOJ said. Victims made more than $27 million in ransom payments in the first two months after Cryptolocker emerged, according to one estimate.

Anyone claiming an interest in any of the property seized or actions enjoined pursuant to the court orders should visit the DOJ's Gameover Zeus website for notice of the full contents of the orders.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.



Tags: cybercrime, legal, U.S. Department of Justice, U.S. Department of Homeland Security, Identity fraud / theft, James Cole, Robert Anderson Jr., Evgeniy Mikhailovich Bogachev
