Home News Press Room Press Releases Department of Justice Provides Update on GameOver Zeus and Cryptolocker Disruption

Department of Justice Provides Update on GameOver Zeus and Cryptolocker Disruption

U.S. Department of Justice July 11, 2014
  • Office of Public Affairs (202) 514-2007/TDD (202)514-1888

WASHINGTON—The Justice Department today filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the GameOver Zeus botnet and the malicious software known as Cryptolocker. The disruption began in late May, when the Justice Department implemented a series of Court-authorized measures to neutralize GameOver Zeus and Cryptolocker—two of the most sophisticated and destructive forms of malicious software in existence.

In the status report, the Justice Department informed the court that the technical and legal measures undertaken to disrupt GameOver Zeus and Cryptolocker have proven successful, and that significant progress has been made in remediating computers infected with GameOver Zeus.

The Justice Department reported that all or nearly all of the active computers infected with GameOver Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to court order. The Justice Department also reported that traffic data from the substitute server shows that remediation efforts by Internet service providers and victims have reduced the number of computers infected with GameOver Zeus by 31 percent since the disruption commenced.

The Justice Department also reported that Cryptolocker has been neutralized by the disruption and cannot communicate with the infrastructure used to control the malicious software. As a result, Cryptolocker is effectively non-functional and unable to encrypt newly infected computers.

Computer users who believe they may be infected with GameOver Zeus are encouraged to visit the Department of Homeland Security’s dedicated GameOver Zeus webpage, which is located at www.us-cert.gov/gameoverzeus. Among other resources, the webpage includes links to tools from trusted vendors that can detect and remove the GameOver Zeus infection.

 

06.01.14

GameOver Zeus Botnet


Evgeniy Bogachev, who has been added to the FBI’s Cyber’s Most Wanted list, was identified in court documents as the leader of a gang of cyber criminals responsible for the development and operation of both the GameOver Zeus and CryptoLocker schemes.

Evgeniy Bogachev wanted poster  Evgeniy Bogachev and three JabberZeus subjects are wanted for their alleged involvement in wide-ranging racketeering activities.
Posters: Bogachev | JabberZeus Subjects


Documents:
- Preliminary Injunction
- Complaint
- Motion for Temporary Restraining Order
- Temporary Restraining Order
- Temporary Restraining Order Translated (Нa Руcckom)
- Memorandum of Law
- Declaration of Special Agent

- Appendix A
- Appendix B
- Appendix C
- Appendix D
- Appendix E


View Large Graphic

GameOver Zeus and CryptoLocker PosterDownload (PDF)

Resources:
- Case update (7/11/14)
- Press release
- U.S. CERT GameOver Zeus removal assistance

- Story: GameOver Zeus Botnet Disrupted
- More on GameOver Zeus
- More on botnets