The fellow above is Evgeniy Mikhailovich Bogachev. He’s 30 years old, 5-foot-9, 180 pounds, and enjoys touring the Black Sea in his private boat and writing computer programs. He also likes long walks on the beach and committing wholesale fraud to the tune of tens of millions of dollars. Bogachev and four others have been named in a suit filed in a U.S. District Court for their roles creating and operating the Gameover Zeus (GOZ) botnet and the Cryptolocker ransomware. Bogachev is the only leader who’s been named so far and has been charged with conspiracy, wire fraud, hacking, bank fraud, and money laundering.
Court documents list Bogachev as residing in Anapa, a resort town on the Black Sea coast roughly 250 kilometers (about 150 miles) northwest of Sochi. The command and control servers authorities seized were located in Kiev and Donetsk, Ukraine. Like other takedowns we’ve seen in the recent past, gaining control of those servers was critical — and a bit surprising considering the recent unrest in Ukraine. It took a coordinated, multinational effort to bring down GOZ and Cryptolocker. Microsoft, Dell, Symantec, McAfee, Trend Micro, and CrowdStrike were all involved, as were researchers from Saarland University in Germany and VU University Amsterdam. Law enforcement agencies — including the FBI and Europol — also played significant roles.
A massive task force, to be sure, but these were two massive foes. Zeus has run rampant for years, infecting hundreds of thousands of computers and evolving over time to become stealthier, more adaptable, and more dangerous. The Gameover variant, first seen in 2011, moved Zeus to a peer-to-peer architecture, making the botnet more resilient — bots relay commands among themselves rather than all phoning home to one server — as well as making it harder to trace traffic back to the C&C servers. This isn’t the first Zeus-related strike we’ve seen: a 24-year-old was arrested last year and Microsoft led two other raids in 2012.
Cryptolocker has been one of the most feared pieces of malware ever to hit the web. It infected nearly a quarter of a million systems and extorted millions of dollars from victims, and resulted in scores of people wiping their machines and restoring from clean backups (hopefully).
Now, the cleanup work begins. McAfee’s free Stinger tool will scan your machine and remove any related infections, and there are additional resources posted on the Department of Justice website. If Cryptolocker has hit you, you already know it from the ransom screen; a Zeus infection is far less obvious, since the banking trojan is designed to stay quiet, so it never hurts to run a quick scan to confirm you are clean.