WASHINGTON D.C. – A Russian has been indicted for his role as an administrator of Gameover Zeus, a cyber threat that secretly diverted millions of dollars to bank accounts of criminals throughout the world, federal officials said today at a press conference.
Officials said authorities disrupted Gameover Zeus and the malicious software known as Cryptolocker, ransomware that has shut hundreds of thousands of users out of their computers and demanded that victims pay to regain access to their own machines and information.
Officials said they identified Evgeniy Bogachev, a Russian national, as one of the leaders of the Eastern Europe cyber-criminal gang that is responsible for these schemes.
These crimes have earned Bogachev a place as a “21st Century criminal” who commits cyber crimes across the globe, and as one of the world’s most-wanted cyber criminals, officials said.
As alleged in the unsealed indictment, Gameover Zeus is the most sophisticated and damaging botnet ever encountered.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
How Gameover Zeus Works
Frequently targeting the computers of small and mid-size businesses, the Gameover Zeus software intercepts passwords and other private information that can be used to conduct wire transfers, and then initiates or re-directs wire transfers from victims’ bank accounts to foreign bank accounts controlled by the criminals, according to authorities.
Multi-Millions of Dollars Diverted
Individual fraudulent wire transfers conducted through Gameover Zeus commonly exceed $1 million, officials said. At least one fraudulent wire transaction amounted to $6.9 million, officials claim.
Security researchers estimate that between 500,000 and 1 million computers worldwide are infected with Gameover Zeus, and that approximately 25 percent of the infected computers are located in the United States, officials said.
The total losses worldwide are unknown, but we believe that losses exceed $100 million to U.S. victims alone. Because many of the victims are small- and mid-sized businesses, their accounts typically do not have the same legal protections afforded to consumer accounts, so such losses can be devastating.
Cryptolocker Is a Type of Malicious Software
Cryptolocker is a form of “ransomware,” a type of malicious software that prevents victims from accessing their computer files until they make a ransom payment to the criminals.
It is the most sophisticated form of ransomware yet seen. Once it infects a victim’s computer, Cryptolocker encrypts its files and displays a ransom note on the screen, instructing victims to pay hundreds of dollars – typically in the crypto-currency Bitcoin – to receive a password to decrypt their files, authorities said.
The Attack and Cyber Hostage-Taking by Cryptolocker
As of April 2014, Cryptolocker had attacked more than 200,000 computers, and more than half of those attacks occurred here in the United States, officials said.
In its first two months of operation alone, it has been estimated that the criminals behind Cryptolocker collected over $27 million in ransom payments from victims seeking to regain access to their files.
The Cyber Criminal Investigation
Officials said this law enforcement operation deployed innovative legal and technical approaches designed to block and disrupt these malicious computer codes, while at the same time using traditional legal tools to collect and seize evidence and to identify and charge those involved.
Authorities worked with private-sector security experts to master the Gameover Zeus software and expose its weaknesses. They got a criminal investigative order from a federal court to identify the infected computers. They also obtained a civil order from the same court to establish a new server so that the infected computers could be redirected and stopped from surreptitiously communicating with computers controlled by the criminals.
This operation simply would not have been possible without the strong partnerships established with other governments and with private industry, officials said.
The Gameover Zeus botnet affects victims around the world and rests on cyber infrastructure set up by the criminals in a half dozen countries.
The investigation was conducted with the help and close coordination of authorities throughout the world, officials said.