On June 2, 2014, in collaboration with the European Cybercrime Centre at Europol, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced a multi-national effort to disrupt the GameOver Zeus botnet, an extremely sophisticated type of malware designed to steal banking and other credentials from infected computers. The DOJ and the FBI also announced that command and control servers central to CryptoLocker, a form of “ransomware” that encrypts and locks the files on victims’ computers and demands a fee in return for unlocking those files, had been seized.
The GameOver Zeus botnet has a decentralized, peer-to-peer command and control infrastructure, which can dispatch instructions to the infected computers from any of the infected computers. Once infected, victim’s computers become part of a global network of compromised computers that cyber criminals can use for criminal purposes beside stealing confidential information from the infected computers themselves. Stolen credentials are used, for example, to initiate or re-direct wire transfers to accounts overseas that are controlled by cyber criminals. The FBI estimated GameOver Zeus was responsible for more than $100 million in losses.
In addition, the DOJ led a separate multi-national action to disrupt CryptoLocker, also known as “ransomware” that encrypts and locks the files on victims’ computers. Victims of CryptoLocker are forced to pay hundreds of dollars to receive the key necessary to decrypt the files on their infected computers. One estimate indicated that more than $27 million in ransom payments were made in just two months since CryptoLocker emerged.
The DOJ also announced that a federal grand jury in Pittsburgh unsealed a 14-count indictment against Evgeniy Mikhailovich Bogachev, charging him with conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role as an administrator of the GameOver Zeus botnet. Evgeniy Mikhailovich Bogachev, identified in court documents as the leader of cyber criminals based in Russia and Ukraine, responsible for both GameOver Zeus and CryptoLocker schemes, was added to the FBI’s Cyber’s Most Wanted List.
The Department of Homeland Security offers a website for victims of GameOver Zeus for assistance in removing the malware.
Written by Maki DePalo, Associate, Privacy & Data Security | Alston & Bird LLP