Global Police Disrupt Cryptolocker, Finger Alleged Mastermind

US police say they have the man behind Cryptolocker and GameOver Zeus. Victims have two weeks to clean their machines

A global police operation has disabled the infrastructure behind the Cryptolocker ransom malware attack, and filed a criminal complaint against the Russian citizen alleged to have been behind it. Users have been told they have two weeks to fix infected machines before the bad guys regain control of the network they have been using.

Police took over large parts of the botnet the GameOver gang was using, redirecting its traffic. In the process, they claim to have uncovered Evgeniy Mikhaylovich Bogachev, accused of being the leader of the gang and the creator of the original Zeus malware – which infects computers and grabs banking details. An especially nasty version of this, called GameOver Zeus, was being used to spread the Cryptolocker code, which hijacked up to one million machines, encrypting their files and demanding one Bitcoin to restore them.

[Image: Keyboard illustration "Cyber Attack" © Ben Chams - Fotolia]

Cryptolocker gang leader?

Bogachev, also known as “Lucky12345”, “Slavik”, and “Pollingsoon”, wrote the original Zeus Trojan, police claim, and the gang collected more than $100 million, including ransoms paid by large corporations, banks and even police departments. Bogachev himself lives in the Black Sea town of Anapa.

The gang used a “botnet” of infected machines, which the authorities managed to reprogram so it would not respond to the villains. “We took control of the bots, so they would only talk with our infrastructure,” said Dell expert Brett Stone-Gross, who assisted the FBI, according to Reuters.

The operation involved authorities in Pennsylvania, as well as Ukraine, where police seized and copied command servers belonging to the gang. Over the weekend, police freed around 300,000 victim computers from the botnet. In the process, agents found Bogachev in online chats claiming authorship of the software.

No extradition likely

Although charged with the crime, Bogachev may not face trial, as there is no extradition agreement between the US and Russia. The US Department of Justice named him as part of a new policy, which also saw it expose five Chinese Army members for allegedly spying on US companies.

As criminals work to regain control of their botnets, a press release from the UK National Crime Agency warned users they have two weeks to clean their computers from the infection – although as security expert Graham Cluley pointed out, this may simply confuse people, and the cleanup may be more complex than it sounds.

“Unfortunately, if your computer has been compromised by GameOver Zeus you won’t be able to tell with the naked eye,” said Cluley. “You need good security software to clean up your infection, and remove affected computers from the internet until they are safe to reconnect.”
