Infections from CryptoLocker ransomware dropped sharply after a takedown operation last week, researchers said.
An FBI-led takedown operation disrupted the Internet infrastructure powering the Gameover ZeuS botnet and the CryptoLocker ransomware.
Gameover ZeuS is a banking Trojan that has been around for years but was more recently used as a distribution mechanism for CryptoLocker. The ransomware is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.
Danish security firm Heimdal Security, part of CSIS Security Group, estimates that 50,000 systems suffered hits by the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has dropped since the takedown, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, Heimdal Security researchers said.
“After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least,” said Morten Kjaersgaard, Heimdal Security’s chief executive. “When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists.”
Kjaersgaard urged web surfers to check their systems for infection by Gameover ZeuS.
“As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advise people to take the necessary measures to check if they are infected,” he said.
Police, aided by security researchers, identified the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.
Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev is facing charges of masterminding the distribution of Gameover ZeuS and the CryptoLocker ransomware. Bogachev is now on an FBI most wanted list.
Whatever the outcome of the case, or even whether CryptoLocker itself ends up revived, various cybercrooks are already hard at work developing CryptoLocker clones and other strains of malware.
An estimated 234,000 computers worldwide, half in the U.S., have suffered a CryptoLocker infection since it first surfaced in September 2013. These infections have bilked victims out of more than $27 million, according to FBI estimates.