“Game Over.” You see these words whenever you die or lose in a video game, but these two words are far more significant to one site administrator who’s internet hostage games are now up.
GameOver Zeus administrator Evgeniy Mikhailovich Bogachev of the Anapa Russian Federation, age 30, has been charged before a federal grand jury with 14 indictments of money laundering, bank fraud, wire fraud, conspiracy, and computer hacking as the GameOver Zeus botnet administrator that has played a role in stealing some $100 million from consumers. Bogachev was also the administrator at Cryptolocker, another ransomware site, and has been traced on the Web to names such as Pollingsoon, Slavik, and even Lucky12345 (found in Omaha, Nebraska).
The ransomware scandal works as follows: oftentimes, an email is sent to you from “USPS International” (from a Russian recipient with the letter “ru” in the email address) or some other shipping company that claims a courier tried to deliver a package to you but couldn’t (presumably because you were unavailable). Then, the email tells you to download an attachment and present it to your local post office for verification to pick the package up. You’re fine when opening the email, but when you decide to open the attachment, you’re in effect giving GameOver Zeus and Cryptolocker control over your computer. The attachment releases a virus into your computer that encrypts all of your data. Then, when GameOver Zeus and Cryptolocker gain control, they demand that you pay a fee (often upwards of $700) in order to retrieve your information. You may often find one of the names above in your email as the recipient that’s sending you the information (such as Pollingsoon). While mandating pay to regain control of your computer, the infected file steals your banking data. In short, it’s a “catch 22”: you may regain admin control over your device, but you do so at a loss of all your personal information.
Federal officials believe that Bogachev is only one leader in a string of worldwide, cybercriminal schemes that consist of a gang of hackers in Russia and Ukraine. The GameOver Zeus scheme has had its roots in cybercriminal activity for some time, going as far back as 2007 with prior variants of Zeus malware (one named “Jabber Zeus”). While GameOver Zeus has been around for some time, Cryptolocker is only two months old. In its two-month life, Cryptolocker has stolen some $27 million from users who have infected computers. Cryptolocker, according to early estimates, has infected 234,000 computers – with approximately half of those infected computers belonging to American citizens.
The crackdown on GameOver Zeus and Cryptolocker came about through the efforts of Georgia Tech, Carnegie Mellon University, as well as companies such as Microsoft, F-Secure, McAfee, Level 3 Communications, Symantec, Dell SecureWorks, antivirus company Trend Micro. Law enforcement agencies such as the Federal Bureau of Investigations (FBI), Britain’s National Crime Agency, and Europol worked together to catch the somewhat-successful perpetrator.
If you get an email that comes from “USPS,” an international shipping agency, or shipping organization that you’ve never done business with, don’t open the email. Instead, contact your local post office to see if there’s a package for you. Your local post office can verify if you’ve a package so that you don’t risk losing your computer to the ransomware scandal. If you’ve been infected, please visit the following Department of Homeland Security site to seek help and see what can be done.
Have you noticed any other emails sent by a Russian recipient that are dangerous and shouldn’t be opened? If so, please write in and let us know. Countless numbers of innocent victims have fallen prey to this ransomware attack, and we here at Inferse want to spare you pay and the loss of information that could be used in future identity theft cases. You and your personal data are of the utmost importance.