CryptoLocker 'vanishes' after NCA and FBI botnet takedown

Data Jimmy Nicholls

10:15, June 6 2014


Police action appears effective despite criticism from Bitdefender.

The spread of CryptoLocker ransomware has been heavily set back by the National Crime Agency (NCA) and FBI's takedown of a distributing botnet, security researchers have said.

Keith Jarvis, a security researcher at Dell, said the firm had found no new activity or infections since "Operation Tovar" took place last Friday, which created a fortnight in which computers could be patched and scanned before the botnet was brought back online.

Alex Balan, head of product management at security company BullGuard, said: "If anybody is infected during this two week period they're relatively safe because the servers are out of action."

The Gameover Zeus (GOZeuS) trojan spread by the same botnet is thought to have cost American banking an estimated $100m, with the peer-to-peer network proving difficult to take down because of a lack of a central command.

It has been estimated that in CryptoLocker's first two months of operation alone, the Russian and Ukrainian criminals behind it collected more than $27m in ransom payments from victims seeking to regain access to their files.

Despite this, others have criticised the action by international police, with Catalin Cosoi, chief security strategist at antivirus firm Bitdefender, saying that "cyber criminals can establish the botnet somewhere else and resume their work with minimum hassle".

He added: "A clumsy take-down can leave victims stranded and without access to data that is being kept hostage. It is much better to identify command and control servers, follow the money trail to those who rented the hosting services and arrest them."

It is thought the ransomware had attacked more than 200,000 computers as of April this year, with more than half of those attacks occurring in the US.

Source: Company Press Release
