Russian hacking suspect Evgeniy Mikhailovich Bogachev is wanted by the FBI for alleged responsibility for the GameOver ZeuS botnet. The sizeable $3 million reward for his arrest and/or conviction is the largest amount ever offered by United States authorities in a cybercrime case. It is believed that Bogachev is still in Russia.
GameOver ZeuS first reared its ugly head in 2011. A vital component in making GameOver ZeuS possible was the use of a type of ransomware called Cryptolocker. Cryptolocker works by installing itself onto a victim’s computer, typically via spam emails carrying an attachment that the victim would be enticed to open. The attacker then has the ability to encrypt the victim’s personal files and hold them for ransom. Cryptolocker utilizes robust encryption which cannot be broken, and is therefore one of the most dangerous types of ransomware out there.
The typical transaction for a victim to regain control after becoming infected would transpire in a manner similar to this:
- The victim visits their bank online and fills out their login information.
- Attackers intercept the login information.
- The attacker would attempt to log in to the victim’s account but might encounter additional security questions.
- The attacker would then extort the security question answers out of the victim, and the victim would provide the required information in order to regain their information.
- Attackers would then log in to the victim’s account and complete the transaction.
Prior to its international takedown, in which a multinational law enforcement team seized several servers that were vital to the operation, GameOver ZeuS infected between 500,000 and 1 million computers throughout the world. The FBI estimates that over $27 million was taken in ransom payments.
Symantec reports that the countries most affected by these infections are the US (13%), Italy (12%), UAE (8%), UK (7%) and India (5%). Symantec also offers a downloadable tool on their site that can be used to completely remove GameOver ZeuS infections, which you can find here: http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99.
In this day and age where cybercrime is fairly rampant, it is important to remember to exercise extra caution when using the Internet. Run a scan on your computer to detect and remove any malware, Trojans, rootkits and viruses that may exist. Additionally, be sure to install antivirus software. While this software might not catch all threats, it definitely helps catch a large amount of malware. You can also block any email attachments that contain executable files. Lastly, consider deploying vulnerability scanning software to catch unpatched software and avoid exploit kits. A bit of prevention on your part can save you a gigantic headache and an ample amount of money.