Feds declare big win over Cryptolocker ransomware
'Neutralized' the extortion software, but hacker gang is already spewing new malware, experts say
Computerworld - Even as security researchers reported that the hacker gang responsible for the Gameover Zeus botnet had begun distributing new malware, U.S. government officials last week claimed victory over the original and said that the Cryptolocker ransomware that the botnet had been pushing has been knocked out.
On Friday, the Department of Justice filed a status update with a federal court in Pennsylvania, telling the judge that both the Gameover Zeus botnet and Cryptolocker "remained neutralized."
"Analysis to date indicates that all or nearly all of the active computers in the [Gameover Zeus] network are communicating exclusively with the substitute server established pursuant to this Court's Orders," the document stated.
In early June, the DOJ, along with law enforcement agencies in several other countries, grabbed control of the Gameover Zeus botnet and filed both criminal and civil charges against the alleged administrator of the botnet, Evgeniy Bogachev, a Russian national who remains at large.
Cryptolocker, a type of "ransomware" -- the term for extortion malware that encrypts files and then tries to convince users to pay to have them decrypted -- was distributed exclusively by Gameover Zeus.
The disruption of the original Gameover Zeus, and cleanup efforts by various countries' computer security response teams, or CIRTs, and Internet service provides, have reduced the number of infected PCs by more than 31%, the DOJ said in the Friday report. More than 137,000 machines remain infected, however.
"Government testing of Cryptolocker malware samples has confirmed that Cryptolocker is no longer able to encrypt newly infected computers and, as a result, is not currently a threat," the prosecutors added. "Cryptolocker must communicate with its command and control infrastructure in order to encrypt newly infected computers. As of today, the injunctive relief ordered ... knocked all of Cryptolocker's infrastructure offline, and has thereby neutralized Cryptolocker."
Court orders last month allowed authorities to seize the servers that issued commands to Gameover Zeus and Cryptolocker and to redirect infected PCs' requests for instructions to government-controlled servers.
Bogachev, who was put on the FBI's Cyber Most Wanted List last month, has not been arrested. He joined four officers of the People's Liberation Army (PLA), China's military, who were accused of digital spying in May, on the FBI's list.
Even as the DOJ gave the federal judge the Gameover Zeus/Cryptolocker update, experts said that the cybercriminal gang behind the botnet was at it again.
According to Dell SecureWorks' Counter Threat Unit, those responsible for the original Gameover Zeus network have begun disseminating new malware via spam since at least July 10.
The hackers, unable to access their command-and-control servers after authorities seized the systems last month, have created an alternate that relies on a more centralized infrastructure, said SecureWorks.
The group's reappearance was not a surprise: Security professionals had predicted that the government's June takedown would not permanently stamp out either the gang or put an end to ransomware, which has a rich history, literally and figuratively, going back at least nine years.
In the report filed with the federal court, the DOJ said it would issue another status update on the original Gameover Zeus botnet and Cryptolocker malware infections on Aug. 15.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter, at Twitter @gkeizer, and on Google+, or subscribe to Gregg's RSS feed. His email address is email@example.com.
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!