CryptoLocker, the notorious online malware estimated to have stolen $27m, has been temporarily disabled, according to international law enforcement agencies including the UK National Crime Agency (NCA), the FBI and Europol.
First surfacing in late 2013, CrypoLocker’s ransom malware hijacked more than 234,000 computers through phishing emails, then offered users the ability to pay to decrypt their device for $300 in USD, EUR or BTC.
Symantec researchers report that law enforcement agencies have now effectively disabled key nodes of the GOZeuS network (also known as P2PZeuS and Gameover ZeuS). A separate form of malware, GOZeuS had provided the delivery method for the ransomware, though it was designed to steal users’ online banking login details.
According to law enforcement agencies, Internet users now have a two-week window to take the necessary precautions protect themselves from the malware.
Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit, said:
“By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.”
He added: “Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action.”
Suspects named
Law enforcement officials say they have effectively sinkholed GOZeuS’ peer-to-peer network, thereby cutting off criminal control of the affected computers. However, given the distributed nature of the network, the measure is unlikely to shut down the threat permanently.
The suspected ringleader of the illegal operation has also reportedly been identified. According to the UK NCA report, US authorities now allege that 30-year-old Evgeniy Mikhailovich Bogachev is the leader of the criminal enterprise behind GOZeuS.
Other arrests are “in progress”, according to international officials.
Protective action
The announcement will no doubt be greeted with enthusiasm by bitcoin users, as affected users were forced to pay a 2 BTC ransom. Further, though it debuted six months ago, CryptoLocker was still a threat to many Internet users, making headlines in November for updates that made its attacks more sophisticated.
Though authorities were optimistic about the results, they also acknowledged that similar threats are likely to continue to arise.
Archibald used his statements to reiterate the importance of Internet best practices, concluding:
“Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”