DOJ: Cryptolocker Trojan Is Now Out Of Commission


The Department of Justice declared victory over the Cryptolocker Trojan, calling its global operation against the Gameover Zeus botnet effective in completely knocking out the infrastructure used to communicate with the notorious ransomware.

Cryptolocker emerged in 2013, crippling consumer and business PCs by encrypting the files and demanding victims pay a fee for the key to access the files. The government believes 30-year-old Russian computer programmer Evgeniy M. Bogachev controlled the Gameover Zeus infrastructure and may have masterminded the attack campaign. The Gameover Zeus botnet and Cryptolocker infected hundreds of thousands of computers around the world and generated losses exceeding $100 million.

"Government testing of Cryptolocker malware samples has confirmed that Cryptolocker is no longer able to encrypt newly infected computers and, as a result, is not currently a threat," the government said in an update filed in the U.S. District Court of Western Pennsylvania Friday.

[Related: 8 Victims Of The Gameover Zeus, CryptoLocker Attacks]

Bogachev is still being sought by police and remains on the FBI's Cyber Most Wanted List. Solution providers told CRN that the Cryptolocker attacks plagued many of their customers, including small and midsize businesses that were forced to wipe systems completely and restore from backup.

"The only cure is having a good backup," said Michael Knight, CTO of Encore Technology Group, a Greenville, S.C.-based solution provider. Encore Technology aided a local county government client dealing with a Cryptolocker infection, which encrypted about 20 years of archival data, Knight told CRN. "It's not very responsible to have to pay cybercriminals to get your data back nor generally something that generally works."

The number of Gameover Zeus infections has dropped 31 percent since June 6, shortly after a law enforcement operation seized the command-and-control servers communicating with infected systems. The number of infected systems fell from 200,407 in June to 137,863 as of July 7, according to the Justice Department, which praised ISPs for communicating with owners of infected systems. Zeus banking Trojan infections, however, remain active, according to malware analysts monitoring new attacks.

Ransomware scams have been successfully targeting Microsoft Windows PCs for years but typically locked up victims browsers. Cryptolocker used stronger encryption, making it nearly impossible to crack, say security experts who are monitoring a new wave of copycat infections. The new CryptoWall malware, detailed last week by researchers at Intel Security (formerly McAfee), is spreading through phishing messages, the company said.

Once a system is infected, the attackers behind CryptoWall set a deadline and demand a $500 payment for the key to unlock the encrypted files. After the deadline passes the fee increases to $1,000, according to Intel Security. "Your best protection is to back up your data regularly and avoid phishing emails," the security vendor said.

Ransomware kits, which automate the process for criminals, are becoming more prevalent, Intel Security said, predicting malware infections to increase on mobile devices. U.K. security vendor Sophos detected Simplelocker, an Android Trojan that encrypts mobile files and demands payment using the similar Cryptolocker extortion scam.

PUBLISHED JULY 14, 2014