The Gameover Zeus botnet, a network of virus-infected computers, targeted thousands of small businesses. And Cryptolocker, a software that encrypts files on computers, was used to extract ransom payments from computer owners who wanted access to their files
Federal prosecutors also announced charges against 30-year-old Evgeniy Bogachev, who they say led a gang of cyber criminals in Russia and Ukraine that was running Gameover Zeus.
The United States is in talks with Russian authorities to try to secure Bogachev’s arrest and have him sent to the U.S. for trial. But that remains an unlikely outcome at this point.
Gameover Zeus was responsible for more than $100 million in losses among U.S. victims, and up to one million computers worldwide were infected since 2011, according to the FBI.
Since emerging in 2013, Cryptolocker has been used to attack about 200,000 computers, half of which were in the U.S. In its first two months, criminals extorted an estimated $27 million from victims, Deputy Attorney General James Cole said Monday.
David Hickton, U.S. attorney in Pittsburgh, whose office filed the charges, said the action was intended to help “hundreds of thousands of computer users who were unwittingly infected and victimized.”
Among the victims, Hickton said, was the police department in Swansea, Mass.; it paid a ransom to cyber criminals to restore access to its files after its systems were infected by Cryptolocker.
In the case of Gameover Zeus, one victim lost $6.9 million from a fraudulent wire transfer from a bank account.
Victims’ computers were most commonly infected when a user clicked on a link in an email that appeared to come from a trusted source. Victims of botnets often don’t know their computers are infected until they’ve suffered losses.
The cases illustrate what is a fast-growing problem. While some criminals steal millions at a time from larger businesses, many more hope to evade notice by stealing relatively small amounts from small businesses and individuals.
In fact, many cyber criminals specialize in netting just a few hundred dollars from each victim. With potentially millions of victims, they can make large sums without attracting too much attention.
Leslie Caldwell, assistant U.S. attorney general for the Justice Department’s criminal division, said the operation to shut down Gameover Zeus began May 7, when Ukrainian authorities seized computer servers in Kiev and Donetsk that helped administer the botnet.
Ukraine’s assistance came amid the ongoing crisis in that country, with pro-Russian separatists seizing control of eastern portions of the country and Russia annexing the Ukrainian territory of Crimea.
The Homeland Security Department’s Computer Emergency Readiness Team is offering assistance to victims to remove the Gameover Zeus malware.