CryptoLocker Crimewave Halted as Global Authorities Disable Network

International authorities have disabled GOZeuS, the P2P network behind the CryptoLocker malware.

AccessTimeIconJun 2, 2014 at 5:06 p.m. UTC
Updated Sep 14, 2021 at 2:06 p.m. UTC

CryptoLocker, the notorious online malware estimated to have stolen $27m, has been temporarily disabled, according to international law enforcement agencies including the UK National Crime Agency (NCA), the FBI and Europol.

First surfacing in late 2013, CrypoLocker's ransom malware hijacked more than 234,000 computers through phishing emails, then offered users the ability to pay to decrypt their device for $300 in USD, EUR or BTC.

Symantec researchers report that law enforcement agencies have now effectively disabled key nodes of the GOZeuS network (also known as P2PZeuS and Gameover ZeuS). A separate form of malware, GOZeuS had provided the delivery method for the ransomware, though it was designed to steal users' online banking login details.

According to law enforcement agencies, Internet users now have a two-week window to take the necessary precautions protect themselves from the malware.

Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said:

"By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them."

He added: "Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action."

Suspects named

Law enforcement officials say they have effectively sinkholed GOZeuS' peer-to-peer network, thereby cutting off criminal control of the affected computers. However, given the distributed nature of the network, the measure is unlikely to shut down the threat permanently.

The suspected ringleader of the illegal operation has also reportedly been identified. According to the UK NCA report, US authorities now allege that 30-year-old Evgeniy Mikhailovich Bogachev is the leader of the criminal enterprise behind GOZeuS.

Other arrests are "in progress", according to international officials.

Protective action

The announcement will no doubt be greeted with enthusiasm by bitcoin users, as affected users were forced to pay a 2 BTC ransom. Further, though it debuted six months ago, CryptoLocker was still a threat to many Internet users, making headlines in November for updates that made its attacks more sophisticated.

Though authorities were optimistic about the results, they also acknowledged that similar threats are likely to continue to arise.

Archibald used his statements to reiterate the importance of Internet best practices, concluding:

"Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails."


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.