Feds go after hackers who demand ransom

The Department of Justice is cracking down on hackers in Russia and Ukraine who, officials say, are making millions of dollars by stealing bank information and holding computer files for ransom.

The agency announced Monday efforts to disrupt two cyber crime programs — “Cryptolocker” and “Gameover Zeus” — allegedly developed and run by a “tightly knit gang of cyber criminals based in Russia and Ukraine” led by Russian Evgeniy Mikhailovich Bogachev.

{mosads}Cryptolocker is a “ransomware” tool that encrypts a computer’s files until the owner pays a ransom. According to the agency, the ransomware has infected more than 234,000 computers, half of which are in the U.S. 

The release cites one estimate “that more than $27 million in ransom payments were made in just the first two months since Cryptolocker emerged” and said that the FBI seized the servers being used as “control hubs” for the ransomware.

The “Gameover Zeus” botnet is a malware network used to steal millions of dollars by capturing banking credentials. The botnet also was a common distribution tool for the Cryptolocker software, according to the agency.

According to the release, between 500,000 and 1 million computers world wide are infected with Gameover Zeus, and 25 percent of those infected computers are in the U.S.

In addition to bringing charges against Bogachev for his alleged role as administrator of Gameover Zeus and Cryptolocker, the U.S. government obtained civil and criminal court orders authorizing agencies to take steps to mitigate damage caused by these programs, including obtaining the IP addresses of affected computers.

“At no point during the operation did the FBI or law enforcement access the content of any of the victims’ computers or electronic communications,” the agency said.

The Department of Justice pointed to a multinational law enforcement effort, including work by law enforcement agencies in Europe, Canada, Australia, Japan and New Zealand, as well as the U.S. Defense Department.

The agency also credited Dell and CrowdStrike for their “invaluable technical assistance,” as well as Microsoft, Symantec, McAfee and other tech companies for working with victims to undo the damage to their computers caused by these programs.