On June 2, 2014, the U.S. Department of Justice announced a U.S.-led multinational effort to disrupt the “Gameover Zeus” botnet and the malware known as “Cryptolocker.” The DOJ also unsealed charges filed in Pittsburgh, Pennsylvania, and Omaha, Nebraska, against an administrator of Gameover Zeus.
Gameover Zeus, a sophisticated type of malware that first emerged in 2011, is designed to steal banking and other credentials from the computers it infects. Security researchers estimate that approximately 25% of the 500,000 to one million computers infected worldwide are located in the United States.
Cryptolocker, which first appeared in 2013, encrypts the computer files of its victims and forces them to pay a ransom to unlock the files. Estimates indicate that approximately half of the 234,000 computers affected by Cryptolocker are located in the U.S.
“Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI Executive Assistant Director Robert Anderson. According to Deputy Attorney General James Cole, the effort to disable Gameover Zeus and Cryptolocker succeeded “only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world.”
A federal grand jury in Pittsburgh unsealed an indictment charging an alleged administrator of the Gameover Zeus botnet with conspiracy, computer hacking, wire fraud, bank fraud and money laundering. In a separate civil injunction, the alleged administrator is identified as a leader of a cybercriminal gang based in Russia and Ukraine. An additional criminal complaint filed in Omaha charged the same individual with conspiracy to commit bank fraud related to his alleged involvement with a prior variant of Zeus malware.
Read our previous blog entry about Gameover Zeus and how cyber insurance may help mitigate risks posed by malware.