Monday, 9 June 2014

Law enforcement strikes back at cybercriminals that were attacking Irish businesses with ransomware

ESET Ireland has been closely following the cyberattacks against Irish businesses with ransomware like Cryptolocker, which encrypts data and requests a ransom to unlock it. In the past week, law enforcement has been successful in combating the cyber gang behind the attacks.

Security specialists at ESET Ireland have received reports from Westmeath, Wexford, Waterford, Galway, Donegal and elsewhere, mainly from SMBs with an average of 15 computers each, that have been hit by ransomware in the past months. What most of the affected companies had in common was poor security and partial or no antivirus software in place. That is all the cybercriminals need to infect a single computer, from which the infection then spreads across the network, locking all the company’s files until a ransom is paid. (Note that all ESET products have been detecting and removing this malware since 2012 under the detection name Win32/Spy.Zbot.AAU, as described by our Virus Radar.) Most of these attacks were carried out by a gang of cyber criminals based in Ukraine and Russia that was responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes. Its leader, Evgeniy Bogachev, has now been added to the FBI’s Most Wanted list for cyber criminals and is facing 14 criminal charges.

In a coordinated action taken by law enforcement this week, servers all over the world were raided simultaneously by the NCA, FBI, Europol and others. Combined with other recent crackdowns, this could well add up to a big leap forward in the fight against cybercrime, as it sends a clear message to those responsible that they are not untouchable. While not all of these crooks have been arrested, our contacts in international law enforcement assure us that having your face plastered all over the Internet as “Most Wanted” definitely puts a crimp in the cybercriminal lifestyle. Eventual arrests are very likely, and until then many simple things like travel and financial transactions can be a huge hassle for them. A statement from the FBI reads:

“In a separate civil injunction application filed by the United States in federal court in Pittsburgh, Evgeniy Mikhailovich Bogachev is identified as a leader of a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for the development and operation of both the GameOver Zeus and Cryptolocker schemes. An investigation led in Washington, D.C., identified the GameOver Zeus network as a common distribution mechanism for Cryptolocker. Unsolicited e-mails containing an infected file purporting to be a voice-mail or shipping confirmation are also widely used to distribute Cryptolocker. When opened, those attachments infect victims’ computers.”

What is clear from these accounts is something we at ESET have been saying for a long time: cybercrime is evolving on an industrial scale with the intent to make money off people who rely on computers in their business and daily lives, with no regard to the pain and suffering these crimes inflict. According to the FBI, losses attributable to GameOver Zeus are “estimated to be more than $100 million.” That does not include the opportunity costs of protective and corrective measures, nor the drag on productivity that cybercrime at this scale imposes.