Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers.

An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a banking Trojan that's been around for years but more recently has been used as a distribution mechanism for CryptoLocker. The ransomware nasty is also capable of spreading using infected email attachments that pose as voicemail or shipping confirmations.

Danish security firm Heimdal Security - part of CSIS Security Group - estimates that 50,000 systems were getting press-ganged into the Gameover ZeuS botnet, with at least 1.2 million computers living as part of the zombie network in early May. This figure has shrunk dramatically since the takedown op, with a weekly run rate of new zombie drones in the low hundreds instead of tens of thousands, according to Heimdal Security.

Many Gameover ZeuS zombies were also infected by CryptoLocker, one of the zombie networks's main secondary payloads. It's therefore logical to infer that CryptoLocker infections have also taken a nosedive - or even flat-lined.

"After the operation, our intelligence now shows that the number of new infections per day has dropped significantly and now looks to be stable around zero, for now at least," Morten Kjaersgaard, Heimdal Security’s chief exec, told The Register.

"When and with what strength the infections pick up again, is hard to predict, but the risk of infection still exists. It is just like the flu, you can catch it because the virus exists."

Kjaersgaard urged web surfers to check their systems for infection by Gameover Zeus, using a tool supplied by Heimdal, or rival utilities. "As many people are still infected with Gameover Zeus P2P, which is also used to deliver the Cryptolocker ransomware, we strongly advice people to take the necessary measures to check if they are infected," he added.

Cops, aided by security researchers, have linked the distribution of Gameover ZeuS and CryptoLocker as the work of the same closely linked gang.

Thirty-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged with allegedly masterminding the distribution of the Gameover ZeuS and the even more infamous CryptoLocker ransomware. Bogachev has been placed on an FBI wanted list over the alleged cybercrimes.

Whatever the outcome of the case, or even whether CryptoLocker itself is revived, various cybercrooks are already hard at work developing CryptoLocker clones (examples here and here) and other strains of malware. And we also have the problem of machines already infected with CryptoLocker.

An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since it first surfaced in September 2013. These infection have been used to bilk victims out of more than $27m (£16m), according to FBI estimates. ®

Related stories

• Cryptolocker flogged on YouTube (20 August 2014)

  https://www.theregister.com/2014/08/20/cryptolocker_flogged_on_youtube/

• CryptoLocker victims offered free key to unlock ransomed files (6 August 2014)

  https://www.theregister.com/2014/08/06/decryptolocker/

• Cyber scum pump ransomware at victims from spambot-stuffed websites (22 July 2014)

  https://www.theregister.com/2014/07/22/critroni_ransomware_communicates_via_tor/

• Gameover ZeuS botnet pulls dripping stake from heart, staggers back from the UNDEAD (14 July 2014)

  https://www.theregister.com/2014/07/14/gameover_zeus_botnet_back/

• EFF sues NSA over snoops 'hoarding' zero-day security bugs (2 July 2014)

  https://www.theregister.com/2014/07/02/eff_sues_nsa_over_agencys_policy_of_hoarding_zeroday_flaws/

• World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds (19 June 2014)

  https://www.theregister.com/2014/06/19/cryptolocker_clean_up_analysis/

• FBI arrests claims NullCrew hacker in Tennessee takedown (17 June 2014)

  https://www.theregister.com/2014/06/17/fbi_arrests_claims_nullcrew_hacker_in_tennessee_takedown/

• Student promises Java key to unlock Simplocker ransomware (17 June 2014)

  https://www.theregister.com/2014/06/17/student_forges_java_key_to_unlock_simplelocker_ransomware/

• Another RAT crawls out of the malware drain (17 June 2014)

  https://www.theregister.com/2014/06/17/another_rat_crawls_out_of_the_malware_drain/

• Entirely new trojan quietly wheeled into black hat forums (13 June 2014)

  https://www.theregister.com/2014/06/13/pricey_ground_up_built_malware_constantly_infects_everything/

• L337 crackrz use dumb passwords too (12 June 2014)

  https://www.theregister.com/2014/06/12/l337_crackrz_use_dumb_passwords_too/

• Bitcoin ransomware racket makes bank (10 June 2014)

  https://www.theregister.com/2014/06/10/bitcoin_ransomware_scum_racket_makes_bank/

• New software nasty encrypts Android PHONE files and demands a ransom (4 June 2014)

  https://www.theregister.com/2014/06/04/android_simplocker_file_scrambling_ransomware/

• DARPA crazytech crew want to create HUMAN-FREE cyber defence systems (3 June 2014)

  https://www.theregister.com/2014/06/03/darpa_wants_to_build_human_free_defence_systems/

• Feds hunt 30-year-old alleged to be lord of Gameover botnet (3 June 2014)

  https://www.theregister.com/2014/06/03/gameover_cryptolocker_takedown/

• You've got two weeks to beat off Cryptolocker, GameoverZeus nasties (2 June 2014)

  https://www.theregister.com/2014/06/02/nca_gameoverzeus_cryptolocker_warning/

• CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes (2 January 2014)

  https://www.theregister.com/2014/01/02/cryptolocker_worm/

• Fiendish CryptoLocker ransomware: Whatever you do, don't PAY (18 October 2013)

  https://www.theregister.com/2013/10/18/cryptolocker_ransmware/