Game Over for GameOver Zeus and Cryptolocker malware that stole millions


The U.S. Department of Justice announced that the FBI and other international law enforcement agencies have disrupted two of the world's most notorious botnets: GameOver Zeus and the Cryptolocker ransomware.

GameOver Zeus, which first emerged in September 2011, is one of the most notorious botnets and is responsible for millions of infections worldwide. It is based on the original Zeus malware and attempts to steal financial information from the victim.

According to the United States Department of Justice report, the cybercriminals behind the GameOver Zeus have stolen more than $100 million.

Evgeniy Mikhailovich Bogachev, a 30-year-old Russian, has been charged for his alleged role as an administrator of the GameOver Zeus botnet.

Cryptolocker is a particularly nasty piece of malware that encrypts all files on the infected machine, then demands a ransom to unlock them. If the files are important and there is no backup, victims have no choice other than paying the ransom to get a key to unlock them.

The DOJ report suggests that more than 200,000 computers had been infected by this ransomware as of April. The malware appeared in September 2013, and within two months the cyber criminals had collected more than $27 million.

Symantec has also released a tool to remove the GameOver malware completely from your computer. You can download it from here.

New CryptoLocker Ransomware capable of spreading via Pen Drive

CryptoLocker ransomware has, to date, generally spread via various online methods such as fake emails containing the malware, drive-by downloads, or via other malware already present on the machine. So far, the malware has been successful in infecting many users.

It appears the cyber criminals behind the CryptoLocker malware are not satisfied with the infection rate, so they have added new features to their latest version.

A new variant of CryptoLocker detected by TrendLabs comes with new features for spreading from victims' machines: this variant has the ability to propagate via removable drives.

"This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants," the researchers say.

Unlike the previous variants, the malware is now uploaded to peer-to-peer (P2P) file-sharing sites, posing as a cracker for software such as Adobe Photoshop and Microsoft Office. This lets the attackers infect systems without spending time sending spam mails.

However, the malware fails to use a domain generation algorithm (DGA), a feature that enables malware to evade detection by using a large number of random domain names.

"This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect later variants to have the DGA capability," the researchers said.

CryptoLocker ransomware reduces the price for decrypting files

As the Bitcoin value continues its climb, now above $800, the criminals behind the CryptoLocker ransomware have come up with an idea: reduce the price for decrypting files to 0.5 Bitcoins.

Initially, the ransomware asked victims to pay 2 Bitcoins as ransom to decrypt their files.

Victims who fail to pay the ransom within the given time are told to use the criminals' decryption service if they want their encrypted files back. However, they then need to pay more than before.

The new variant of CryptoLocker ransomware spotted by the F-Secure security team on November 20 asks users to pay 0.5 Bitcoins instead.