The Federal Bureau of Investigation (FBI) and a team of foreign governments and multinational security firms have busted what is known to be the world's most sophisticated operation that used malware to steal users' banking information and extort tens of millions of dollars from computer owners.
Federal prosecutors charged 30-year-old Evgeniy Mikhailovich Bogachev, the known ringleader of a million-dollar botnet dubbed Gameover Zeus, with conspiracy, computer hacking and money laundering. Bogachev, who goes by the online monikers of "Lucky12345," "Slavik" and "Pollingsoon," was last known to be residing in the resort town of Anapa in Krasnodar Krai, Russia, which currently has no extradition treaty with the U.S.
Deputy Attorney General James Cole said in a news conference, "As far as Russia, we are in contact with them and we've been having discussions with them about moving forward and about trying to get custody of Mr. Bogachev."
Gameover Zeus, an offshoot of the original Zeus Trojan which cropped up in 2007 to steal financial passwords, is a botnet: a worldwide network of computers infected with malware of the same name that captures a user's banking information. The cybercriminals then use this information to direct overseas wire transfers from the user's bank accounts to their own.
Approximately 500,000 to a million computers are part of the botnet without their owners knowing about it, and $100 million has been lost in unauthorized wire transfers by Gameover Zeus, the FBI estimates. According to court documents opened Monday, one materials company in Pennsylvania lost $198,000 in an unauthorized wire transfer by Gameover Zeus.
In addition, the malware installs Cryptolocker, a sophisticated type of ransomware, on a user's computer, where it encrypts the user's files until the user sends money to receive the key that decrypts the files. The cybercriminals also used a spearphishing scam that sent emails with links or attachments to unsuspecting users, who would then click on the links or open the attachments to download and install Cryptolocker on their systems.
As of April 2014, around 234,000 machines were infected with the ransomware, with around half of those found in the U.S. The FBI says approximately $27 million was paid in ransom for users' important files, including $750 paid by a local police department in Massachusetts to ransom its investigation files.
"These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt," said Assistant Attorney General Leslie Caldwell in a statement. "Through these court-authorized operations, we have started to repair the damage the cyber-criminals have caused over the past few years, we are helping victims regain control of their own computers, and we are protecting future potential victims from attack."
The FBI encourages users who believe they are victims of Gameover Zeus and Cryptolocker to visit the US-CERT website for assistance.