The Department of Justice reports that the Cryptolocker ransomware virus is no longer a threat. By seizing control of the command and control servers for the program, the DoJ has removed Cryptolocker's ability to operate.
Cryptolocker needs to communicate with the servers to encrypt the files on an infected computer. The owner would then be asked to pay to regain access to the files.
The DoJ is now redirecting the traffic that would go to the Cryptolocker servers, making it impossible for the virus to encrypt any files even if it infects a computer. The department also neutralized Gameover Zeus, a network of infected computers that were used to gain access to financial information and steal millions of dollars.
"We succeeded in disabling Gameover Zeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law enforcement tools and developed strong working relationships with private industry experts and law enforcement counterparts in more than 10 countries around the world," says Deputy Attorney General James Cole in a statement.
The DoJ filed a status update with a federal court saying that all or nearly all of the computers infected with Cryptolocker were being successfully redirected to DoJ servers when attempting to communicate with command and control. Traffic directed at the Gameover Zeus botnet is also being redirected. Although more than 137,000 computers remain infected, the communications intercept prevents commands from reaching those computers. The DoJ has set up a website to assist those whose computers are infected with removing the malware.
Although the threat has been neutralized, the group of cyber criminals responsible for it has not. Evgeniy Bogachev is suspected of being the leader of the group, which operated out of Russia and Ukraine. He remains at large, and is currently featured on the FBI's Cyber Most Wanted List. Bogachev's group is rumored to have already begun developing and distributing a new malware program to replace Gameover Zeus.
The new malware system may be more centralized in an effort to remove the FBI's ability to pull the same trick twice. The fact that the group is continuing operations comes as no suprise to most analysts, as the malware scheme has proven very profitable despite the efforts of law enforcement agencies worldwide.
"These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt," says Assistant Attorney General Caldwell.
The DoJ is confident that the threat of the existing malware programs has been permanently eliminated, but will be issuing an update Aug. 15 to re-examine the situation.
