The FBI said Monday that it disrupted the GameOver Zeus botnet, believed to be responsible for more than $100 million in damages to businesses and consumers, and filed criminal charges against the malware’s Russia-based administrator.
Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, was placed on the FBI’s Cyber’s Most Wanted List as a result of the federal investigation, which was conducted in Pittsburgh, Pennsylvania, and Omaha, Nebraska. U.S. and foreign law enforcement agencies seized computer servers central to the malware known as Cryptolocker, a type of ransomware that encrypts files on victims’ computers until they pay up.
“This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data,” U.S. Deputy Attorney General James M. Cole said in a statement. “We succeeded in disabling GameOver Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world.”
The FBI described GameOver Zeus as “an extremely sophisticated type of malware designed specifically to steal banking and other credentials from the computers it infects. It’s predominately spread through spam e-mail or phishing messages.”
GameOver Zeus captured banking credentials from infected computers, then used the credentials to initiate or re-direct wire transfers to accounts overseas used by criminals. The scheme was believed to have caused more than $100 million in damages to consumers and businesses.
The botnet had a decentralized, peer-to-peer command and control infrastructure, which meant that instructions to infected computers could come from any other infected computer in the network. The FBI said that structure made the takeover of GameOver Zeus “more difficult, but not impossible.”
“GameOver Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” FBI Executive Assistant Director Robert Anderson Jr., said in a statement. “The efforts announced [Monday] are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.”
In Pittsburgh, a 14-count indictment against Bogachev was unsealed Monday. It included charges of conspiracy, computer hacking, wire fraud, bank fraud and money laundering in connection with his alleged role in GameOver Zeus. In Omaha, he was charged with conspiracy to commit bank fraud for his alleged involvement in the operation of a previous version of Zeus malware known as Jabber Zeus.
A civil injunction filed in Pittsburgh federal court claimed Bogachev was the leader of “a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes,” the U.S. Justice Department said. The investigation found that GameOver Zeus was used as a way to distribute Cryptolocker.
The U.S. Department of Homeland Security created a website that assists GameOver Zeus victims in removing the malware.