Massive botnet takedown stops spread of Cryptolocker ransomware
Jarvis attributed Cryptolocker's success to several factors, notably the sophistication of its code, specifically the encryption it used to lock legitimate owners out of their data. "This is a well-written piece of software," said Jarvis. "And they got the encryption right. There are no loopholes and no flaws."
Earlier examples of ransomware were often sloppy, and in some cases their lock-out mechanisms could be circumvented. Not so with Cryptolocker. Once run, it left victims with only two options: Pay the ransom or restore the now-inaccessible data from backups.
Cryptolocker also benefited from the vertical integration of the gang -- more like a business than a criminal gang, in fact -- behind Gameover Zeus, said Jarvis. The gang included highly-proficient programmers, a dedicated distribution channel and an advanced command-and-control infrastructure.
"It's impossible to do [something like] this by yourself," Jarvis said, nodding to the old days when individual cyber criminals could compete with well-financed crews like the one responsible for Gameover Zeus and Cryptolocker.
While Cryptolocker is down and out, Jarvis and other experts believe the reprieve may be temporary, and not only because of the likes of Cryptowall and Cryptodefense, which aren't cut from the same cloth. "Cryptowall is just not as well built [as Cryptolocker]," Jarvis contended.
"Short term, this is huge because it's taken one of the largest botnets off the market," said Jarvis. "How long that continues, though, we don't know." Jarvis pointed out that some botnet takedowns have resulted in permanent eradication -- the hackers essentially threw in the towel -- but other gangs have recovered after similar blows within months.
While Gameover Zeus is suppressed, consumers and businesses should make use of the time to wipe the malware from infected machines and secure their PCs by updating their operating systems and applications, and ensuring the systems are protected by security software.
"There's a window of opportunity now while Gameover Zeus is down for the count," said Jarvis. "If you're going to clean [your PC], do it now when they're on the ropes."
US-CERT (United States Computer Emergency Readiness Team), part of the Department of Homeland Security, has published an alert about the takedown that includes links to several sources of malware-cleaning utilities from the likes of Microsoft, Symantec and Trend Micro.
"[The takedown] sends a clear message to criminals," said Jarvis when asked whether the campaign had been worthwhile. "We will disrupt your means of making money and put your face on the wanted poster."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.