CryptoLocker 'vanishes' after NCA and FBI botnet takedown


by Jimmy Nicholls | 06 June 2014

Police action appears effective despite criticism from Bitdefender.

The spread of CryptoLocker ransomware has been heavily set back by the National Crime Agency (NCA) and FBI's takedown of a distributing botnet, security researchers have said.

Keith Jarvis, a security researcher at Dell, said the firm had found no new activity or infections since "Operation Tovar" took place last Friday, which created a fortnight in which computers could be patched and scanned before the botnet was brought back online.

Alex Balan, head of product management at security company BullGuard, said: "If anybody is infected during this two week period they're relatively safe because the servers are out of action."

The Gameover Zeus (GOZeuS) trojan spread by the same botnet is thought to have cost American banking an estimated $100m, with the peer-to-peer network proving difficult to take down because it lacks a central command.

In its first two months of operation alone, it has been estimated that the Russian and Ukrainian criminals behind CryptoLocker collected more than $27m in ransom payments from victims seeking to regain access to their files.

Despite this, others have criticised the action by international police, with Catalin Cosoi, chief security strategist at antivirus firm Bitdefender, saying that "cyber criminals can establish the botnet somewhere else and resume their work with minimum hassle".

He added: "A clumsy take-down can leave victims stranded and without access to data that is being kept hostage. It is much better to identify command and control servers, follow the money trail to those who rented the hosting services and arrest them."

It is thought the ransomware had attacked more than 200,000 computers as of April this year, with more than half of those attacks occurring in the US.
