Feeds

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Not much, at least, since Feds chopped master's head off

Intelligent flash storage arrays

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers.

An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a banking Trojan that's been around for years but more recently has been used as a distribution mechanism for CryptoLocker. The ransomware nasty is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.

Danish security firm Heimdal Security - part of CSIS Security Group - estimates that 50,000 systems were getting press-ganged into the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has shrunk dramatically since the takedown op, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, according to Heimdal Security.

Many Gameover ZeuS zombies were also infected by CryptoLocker, one of the zombie networks's main secondary payloads. It's therefore logical to infer that CryptoLocker infections have also taken a nosedive - or even flat-lined.

"After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least," Morten Kjaersgaard, Heimdal Security’s chief exec, told The Register.

"When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists."

Kjaersgaard urged web surfers to check their systems for infection by Gameover Zeus, using a tool supplied by Heimdal, or rival utilities. "As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advice people to take the necessary measures to check if they are infected," he added.

Cops, aided by security researchers, have linked the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.

Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged with allegedly masterminding the distribution of the Gameover ZeuS and the even more infamous CryptoLocker ransomware. Bogachev has been placed on an FBI wanted list over the alleged cybercrimes.

Whatever the outcome of the case, or even whether CryptoLocker itself is revived, various cybercrooks are already hard at work developing CryptoLocker clones (examples here and here) and other strains of malware. And we also have the problem of machines already infected with CryptoLocker.

An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since it first surfaced in September 2013. These infection have been used to bilk victims out of more than $27m (£16m), according to FBI estimates. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.