The FBI and the U.S. Department of Justice yesterday announced a multinational effort to take down the GameOver Zeus botnet, the seizure of command and control servers for the Cryptolocker ransomware, and the unsealing of criminal charges against alleged botnet administrator Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russian Federation.
Bogachev was identified as the leader of a cybercrime gang in Russia and Ukraine responsible for the development and operation of both the GameOver Zeus botnet and the Cryptolocker ransomware.
The GameOver Zeus malware, which is spread primarily through spam or phishing emails, is designed to steal banking credentials from infected computers, and to connect those computers to a botnet.
According to the FBI, losses attributable to GameOver Zeus are currently estimated to exceed $100 million.
“Unlike earlier Zeus variants, GameOver has a decentralized, peer-to-peer command and control infrastructure rather than centralized points of origin, which means that instructions to the infected computers can come from any of the infected computers, making a takedown of the botnet more difficult,” the FBI explained in a statement.
To disrupt the botnet despite that design, the U.S. obtained civil and criminal court orders authorizing measures to sever communications between infected computers and to redirect those communications away from criminal servers to servers under government control.
U.S. and foreign law enforcement officials also announced yesterday the seizure of Cryptolocker ransomware command and control servers. As of April 2014, Cryptolocker was estimated to have infected more than 234,000 computers.
“We succeeded in disabling Gameover Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world,” Deputy Attorney General James M. Cole said in a statement.