Cryptolocker Ransomware Threat Has Been Stopped
The Department of Justice declared victory over the Cryptolocker Trojan, calling its global operation against the Gameover Zeus botnet effective in completely knocking out the infrastructure used to communicate with the notorious ransomware.
Cryptolocker emerged in 2013, crippling consumer and business PCs by encrypting their files and demanding that victims pay a fee for the key to decrypt them. The government believes 30-year-old Russian computer programmer Evgeniy M. Bogachev controlled the Gameover Zeus infrastructure and may have masterminded the attack campaign. The Gameover Zeus botnet and Cryptolocker infected hundreds of thousands of computers around the world and generated losses exceeding $100 million.
“Government testing of Cryptolocker malware samples has confirmed that Cryptolocker is no longer able to encrypt newly infected computers and, as a result, is not currently a threat,” the government said in an update filed in the U.S. District Court of Western Pennsylvania Friday.
Bogachev is still being sought by police and remains on the FBI’s Cyber Most Wanted List. Solution providers told CRN that the Cryptolocker attacks plagued many of their customers, including small and midsize businesses that were forced to wipe systems completely and restore from backup.
The number of Gameover Zeus infections has dropped 31 percent since June 6, shortly after a law enforcement operation seized the command-and-control servers communicating with infected systems. The number of infected systems fell from 200,407 in June to 137,863 as of July 7, according to the Justice Department, which praised ISPs for communicating with owners of infected systems. Zeus banking Trojan infections, however, remain active, according to malware analysts monitoring new attacks.
Ransomware scams have been successfully targeting Microsoft Windows PCs for years, but they typically locked up victims' browsers. Cryptolocker used stronger encryption, making it nearly impossible to crack, say security experts who are monitoring a new wave of copycat infections. The new CryptoWall malware, detailed by researchers at Intel Security (formerly McAfee), is spreading through phishing messages, the company said.
Once a system is infected, the attackers behind CryptoWall set a deadline and demand a $500 payment for the key to unlock the encrypted files. After the deadline passes, the fee increases to $1,000, according to Intel Security.
Ransomware kits, which automate the process for criminals, are becoming more prevalent, Intel Security said, predicting that malware infections will increase on mobile devices. U.K. security vendor Sophos detected Simplelocker, an Android Trojan that encrypts mobile files and demands payment using an extortion scam similar to Cryptolocker's.
If your system has been infected by CryptoLocker, disconnect it from the Internet, turn the system off, and contact Orange County Computer immediately at 949-699-6619 or contact our Support Team via email. Our technical team will work with you to remove and unlock your files.
Information originally obtained from CRN's Robert Westervelt. View Robert Westervelt's story here.