US authorities on Monday charged a suspected Russian hacker with creating a botnet that was used by cybercriminals to steal more than $100 million from businesses and consumers since 2011.
Evgeniy Mikhailovich Bogachev controlled a criminal ring that secretly infected between 500,000 and 1 million computers worldwide with GameOver Zeus, a botnet designed to steal banking credentials, according to court documents unsealed today in Pittsburgh federal court. The botnet was disrupted by a multinational law enforcement investigation that seized servers central to the administration of highly sophisticated malware called Cryptolocker, which encrypted victims' computer files and was then used to demand a ransom of hundreds of dollars in exchange for the encryption key to unlock the files.
As of April, Cryptolocker was estimated to have infected more than 234,000 computers, approximately half of which were in the US, the US Justice Department said in a statement. In its first two months on the Internet, Crypolocker extorted more than $27 million in ransom payments, the department said.
"This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a complex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users access to their own files and data," Deputy Attorney General Cole said in a statement.
GameOver Zeus, which first emerged in 2011, is an offshoot of the original data-stealing Zeus Trojan that began appearing in 2007, the Justice department said. However, its peer-to-peer structure differs from earlier variants of Zeus, which infected more than 13 million computers worldwide and led to losses of hundreds of millions of dollars.
"These schemes were highly sophisticated and immensely lucrative, and the cybercriminals did not make them easy to reach or disrupt," Assistant Attorney General Leslie Caldwell said in a statement.
Often downloaded onto unprotected computers from malicious websites created by cybercriminals, the malware can also be spread via phishing scams that entice users to click on a link or attachment that installs the malware on victims' computers. A keylogger then records victims' account numbers and log-ins, which are then transmitted to the botnet's servers.
A 14-count indictment unsealed Monday charged Bogachev, 30, with conspiracy, computer hacking, wire fraud, bank fraud, and money laundering. Bogachev is not in custody but is believed to reside in Anapa, Russia. If he is in Russia, Bogachev's extradition to the US in unlikely since the two countries currently do not have a formal extradition agreement.