Feds declare big win over Cryptolocker ransomware
'Neutralized' the extortion software, but hacker gang is already spewing new malware, experts say
Computerworld - Even as security researchers reported that the hacker gang responsible for the Gameover Zeus botnet had begun distributing new malware, U.S. government officials last week claimed victory over the original and said that the Cryptolocker ransomware that the botnet had been pushing has been knocked out.
On Friday, the Department of Justice filed a status update with a federal court in Pennsylvania, telling the judge that both the Gameover Zeus botnet and Cryptolocker "remained neutralized."
"Analysis to date indicates that all or nearly all of the active computers in the [Gameover Zeus] network are communicating exclusively with the substitute server established pursuant to this Court's Orders," the document stated.
In early June, the DOJ, along with law enforcement agencies in several other countries, grabbed control of the Gameover Zeus botnet and filed both criminal and civil charges against the alleged administrator of the botnet, Evgeniy Bogachev, a Russian national who remains at large.
Cryptolocker, a type of "ransomware" -- the term for extortion malware that encrypts files and then tries to convince users to pay to have them decrypted -- was distributed exclusively by Gameover Zeus.
The disruption of the original Gameover Zeus, together with cleanup efforts by various countries' computer incident response teams (CIRTs) and Internet service providers, has reduced the number of infected PCs by more than 31%, the DOJ said in the Friday report. More than 137,000 machines remain infected, however.
"Government testing of Cryptolocker malware samples has confirmed that Cryptolocker is no longer able to encrypt newly infected computers and, as a result, is not currently a threat," the prosecutors added. "Cryptolocker must communicate with its command and control infrastructure in order to encrypt newly infected computers. As of today, the injunctive relief ordered ... knocked all of Cryptolocker's infrastructure offline, and has thereby neutralized Cryptolocker."
Court orders last month allowed authorities to seize the servers that issued commands to Gameover Zeus and Cryptolocker and to redirect infected PCs' requests for instructions to government-controlled servers.
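The DOJ filing above rests on two facts: Cryptolocker cannot encrypt without first reaching its command-and-control servers, and those servers were replaced by government-controlled sinkholes. That same sinkhole traffic is how the CIRTs and ISPs mentioned in the article find the machines that are still infected: a host that keeps beaconing to the substitute server is a host that has not been cleaned. The following is an added example (not code from Computerworld, the DOJ or any of the vendors named here) of the triage step a defender would run over outbound firewall logs: it parses constructed log lines, matches destinations against a constructed sinkhole list (RFC 5737 documentation addresses stand in for the real ones, which would come from the CIRT or ISP notification), and reports each internal host's beacon count and first/last-seen times so the cleanup queue can be prioritised. The log format and all addresses are assumptions for the demonstration.

```python
import re
from datetime import datetime

# Constructed sinkhole addresses (RFC 5737 documentation range). In practice
# this set is populated from the takedown notification, not hard-coded.
SINKHOLE_ADDRS = {"203.0.113.10", "203.0.113.11"}

# Constructed outbound firewall log lines in an assumed
# "<timestamp> <src>:<sport> -> <dst>:<dport> <action>" layout.
SAMPLE_LOG = """\
2014-07-11T08:02:13Z 10.0.5.23:49152 -> 203.0.113.10:443 ALLOW
2014-07-11T08:02:14Z 10.0.5.23:49153 -> 93.184.216.34:80 ALLOW
2014-07-11T08:17:44Z 10.0.7.8:51000 -> 203.0.113.11:8080 ALLOW
2014-07-11T09:02:15Z 10.0.5.23:49201 -> 203.0.113.10:443 ALLOW
2014-07-11T09:30:00Z 10.0.9.1:40000 -> 198.51.100.7:443 ALLOW
this line is deliberately malformed and must be skipped, not crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_sinkhole_beacons(log_text, sinkholes=SINKHOLE_ADDRS):
    """Return {internal_host: {"count", "first_seen", "last_seen"}} for every
    internal host that connected to a sinkholed C2 address.

    A host appearing here is still infected: the malware is alive and asking
    for instructions, even though the sinkhole will never answer with any.
    """
    hits = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["dst"] not in sinkholes:
            continue
        entry = hits.setdefault(
            rec["src"],
            {"count": 0, "first_seen": rec["ts"], "last_seen": rec["ts"]},
        )
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
    return hits


def cleanup_queue(hits):
    """Order infected hosts by most recent beacon, then by beacon count,
    so the machines most actively calling home are remediated first."""
    return sorted(
        hits,
        key=lambda h: (hits[h]["last_seen"], hits[h]["count"]),
        reverse=True,
    )


if __name__ == "__main__":
    beacons = find_sinkhole_beacons(SAMPLE_LOG)
    for host in cleanup_queue(beacons):
        info = beacons[host]
        print(f"{host}: {info['count']} beacon(s), "
              f"first {info['first_seen']:%Y-%m-%d %H:%M}, "
              f"last {info['last_seen']:%Y-%m-%d %H:%M}")
```

On the constructed sample this flags 10.0.5.23 (two beacons) and 10.0.7.8 (one), and leaves the hosts that only reached ordinary addresses alone. The same matching works against DNS resolver logs if the sinkhole list is expressed as domain names instead of IPs; the point is that sinkhole contact is a high-confidence infection signal precisely because, as the DOJ notes, the malware must call home before it can do anything else.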
Bogachev, who was put on the FBI's Cyber Most Wanted List last month, has not been arrested. He joined on that list four officers of the People's Liberation Army (PLA), China's military, who were accused of digital spying in May.
Even as the DOJ gave the federal judge the Gameover Zeus/Cryptolocker update, experts said that the cybercriminal gang behind the botnet was at it again.
According to Dell SecureWorks' Counter Threat Unit, those responsible for the original Gameover Zeus network have begun disseminating new malware via spam since at least July 10.
The hackers, unable to access their command-and-control servers after authorities seized the systems last month, have built an alternative that relies on a more centralized infrastructure, SecureWorks said.
The group's reappearance was not a surprise: Security professionals had predicted that the government's June takedown would neither permanently stamp out the gang nor put an end to ransomware, which has a rich history, literally and figuratively, going back at least nine years.
In the report filed with the federal court, the DOJ said it would issue another status update on the original Gameover Zeus botnet and Cryptolocker malware infections on Aug. 15.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+, or subscribe to Gregg's RSS feed.