Saturday, July 12, 2014

DOJ's Update on Gameover Zeus and Cryptolocker Malware Disruption


Posted By CotoBlogzz

Rancho Santa Margarita, CA - The Justice Department yesterday filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the Gameover Zeus botnet and the malicious software known as Cryptolocker.

CryptoLocker is a ransomware program, released around the beginning of September 2013, that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting target files, it will display a CryptoLocker payment program that prompts the target to send a ransom, usually of $100 or $300, in order to decrypt the files. The screen will also display a timer stating that the target has 72 hours, or 4 days, to pay the ransom or it will delete the target's encryption key and the victim will not have any way to decrypt the victim's files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once the victim sends the payment and it is verified, the program will decrypt the files that it encrypted.

The disruption began in late May, when the Justice Department implemented a series of Court-authorized measures to neutralize Gameover Zeus and Cryptolocker.

Gameover Zeus is a sophisticated piece of malware (malicious software) which can take over your PC without your knowledge, giving those in control of it access to everything you do, as well as giving them the ability to record your keystrokes, video what you do on screen and even turn on your webcam.

Gameover is used by the criminal gang operating it to seek out and identify financial information stored on the victim's computer, as well as to capture any credentials entered into online banking or shopping sites. Once they have this information, they use it to re-direct bank transfers into their own accounts.

In the status report, the Justice Department informed the Court that the technical and legal measures undertaken to disrupt Gameover Zeus and Cryptolocker have proven successful, and that significant progress has been made in remediating computers infected with Gameover Zeus.

The Justice Department reported that all or nearly all of the active computers infected with Gameover Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to court order. The Justice Department also reported that traffic data from the substitute server shows that remediation efforts by internet service providers and victims have reduced the number of computers infected with Gameover Zeus by 31% since the disruption commenced.

The Justice Department also reported that Cryptolocker has been neutralized by the disruption and cannot communicate with the infrastructure used to control the malicious software. As a result, Cryptolocker is effectively non-functional and unable to encrypt newly infected computers.

Computer users who believe they may be infected with Gameover Zeus are encouraged to visit the Department of Homeland Security’s dedicated Gameover Zeus webpage, which is located at www.us-cert.gov/gameoverzeus. Among other resources, the webpage includes links to tools from trusted vendors that can detect and remove the Gameover Zeus infection.
