Feeds

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Not much, at least, since Feds chopped master's head off

Providing a secure and efficient Helpdesk

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers.

An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a banking Trojan that's been around for years but more recently has been used as a distribution mechanism for CryptoLocker. The ransomware nasty is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.

Danish security firm Heimdal Security - part of CSIS Security Group - estimates that 50,000 systems were getting press-ganged into the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has shrunk dramatically since the takedown op, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, according to Heimdal Security.

Many Gameover ZeuS zombies were also infected by CryptoLocker, one of the zombie networks's main secondary payloads. It's therefore logical to infer that CryptoLocker infections have also taken a nosedive - or even flat-lined.

"After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least," Morten Kjaersgaard, Heimdal Security’s chief exec, told The Register.

"When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists."

Kjaersgaard urged web surfers to check their systems for infection by Gameover Zeus, using a tool supplied by Heimdal, or rival utilities. "As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advice people to take the necessary measures to check if they are infected," he added.

Cops, aided by security researchers, have linked the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.

Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged with allegedly masterminding the distribution of the Gameover ZeuS and the even more infamous CryptoLocker ransomware. Bogachev has been placed on an FBI wanted list over the alleged cybercrimes.

Whatever the outcome of the case, or even whether CryptoLocker itself is revived, various cybercrooks are already hard at work developing CryptoLocker clones (examples here and here) and other strains of malware. And we also have the problem of machines already infected with CryptoLocker.

An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since it first surfaced in September 2013. These infection have been used to bilk victims out of more than $27m (£16m), according to FBI estimates. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.