CryptoLocker Crimewave Halted as Global Authorities Disable Network

International authorities have disabled GOZeuS, the P2P network behind the CryptoLocker malware.

AccessTimeIconJun 2, 2014 at 5:06 p.m. UTC
Updated Sep 14, 2021 at 2:06 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

CryptoLocker, the notorious online malware estimated to have stolen $27m, has been temporarily disabled, according to international law enforcement agencies including the UK National Crime Agency (NCA), the FBI and Europol.

First surfacing in late 2013, CrypoLocker's ransom malware hijacked more than 234,000 computers through phishing emails, then offered users the ability to pay to decrypt their device for $300 in USD, EUR or BTC.

Symantec researchers report that law enforcement agencies have now effectively disabled key nodes of the GOZeuS network (also known as P2PZeuS and Gameover ZeuS). A separate form of malware, GOZeuS had provided the delivery method for the ransomware, though it was designed to steal users' online banking login details.

According to law enforcement agencies, Internet users now have a two-week window to take the necessary precautions protect themselves from the malware.

Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said:

"By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them."

He added: "Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action."

Suspects named

Law enforcement officials say they have effectively sinkholed GOZeuS' peer-to-peer network, thereby cutting off criminal control of the affected computers. However, given the distributed nature of the network, the measure is unlikely to shut down the threat permanently.

The suspected ringleader of the illegal operation has also reportedly been identified. According to the UK NCA report, US authorities now allege that 30-year-old Evgeniy Mikhailovich Bogachev is the leader of the criminal enterprise behind GOZeuS.

Other arrests are "in progress", according to international officials.

Protective action

The announcement will no doubt be greeted with enthusiasm by bitcoin users, as affected users were forced to pay a 2 BTC ransom. Further, though it debuted six months ago, CryptoLocker was still a threat to many Internet users, making headlines in November for updates that made its attacks more sophisticated.

Though authorities were optimistic about the results, they also acknowledged that similar threats are likely to continue to arise.

Archibald used his statements to reiterate the importance of Internet best practices, concluding:

"Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails."

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.