Skip the navigation

Massive botnet takedown stops spread of Cryptolocker ransomware

June 5, 2014 02:15 PM ET

Jarvis attributed Cryptolocker's success to several factors, notably the sophistication of its code, specifically the encryption it used to lock legitimate owners out of their data. "This is a well-written piece of software," said Jarvis. "And they got the encryption right. There are no loopholes and no flaws."

Earlier examples of ransomware were often sloppy, and in some cases their lock-out mechanisms could be circumvented. Not so with Cryptolocker. Once run, it left victims with only two options: Pay the ransom or restore the now-inaccessible data from backups.

Cryptolocker also benefited from the vertical integration of the gang -- more like a business than a criminal gang, in fact -- behind Gameover Zeus, said Jarvis. The gang included highly-proficient programmers, a dedicated distribution channel and an advanced command-and-control infrastructure.

"It's impossible to do [something like] this by yourself," Jarvis said, nodding to the old days when individual cyber criminals could compete with well-financed crews like the one responsible for Gameover Zeus and Cryptolocker.

While Cryptolocker is down and out, Jarvis and other experts believe the reprieve may be temporary, and not only because of the likes of Cryptowall and Cryptodefense, which aren't cut of the same cloth. "Cryptowall is just not as well built [as Cryptolocker]," Jarvis contended.

"Short term, this is huge because it's taken one of the largest botnets off the market," said Jarvis. "How long that continues, though, we don't know." Jarvis pointed out that some botnet takedowns have resulted in permanent eradication -- the hackers essentially threw in the towel -- but other gangs have recovered after similar blows within months.

While Gameover Zeus is suppressed, consumers and businesses should make use of the time to wipe the malware from infected machines and secure their PCs by updating their operating systems and applications, and ensuring the systems are protected by security software.

"There's a window of opportunity now while Gameover Zeus is down for the count," said Jarvis. "If you're going to clean [your PC], do it now when they're on the ropes."

US-CERT (United States Computer Emergency Readiness Team), part of the Department of Homeland Security, has published an alert about the takedown that includes links to several sources of malware-cleaning utilities from the likes of Microsoft, Symantec and Trend Micro.

"[The takedown] sends a clear message to criminals," said Jarvis when asked whether the campaign had been worthwhile. "We will disrupt your means of making money and put your face on the wanted poster."

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg's RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



Our Commenting Policies