Ransomware going strong, despite takedown of Gameover Zeus

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2014/09/ransomware-going-strong-despite-takedown-of-gameover-zeus/

By Robert Lemos
Ars Technica
Sept 7 2014

In late May, an international law enforcement effort disrupted the 
Gameover Zeus (GoZ) botnet, a network of compromised computers used for 
banking fraud.

The operation also hobbled a secondary, but equally important 
cyber-criminal operation: the Cryptolocker ransomware campaign, which used 
a program distributed by the GoZ botnet to encrypt victims' sensitive 
files, holding them hostage until the victim paid a fee, typically 
hundreds of dollars. The crackdown, and the subsequent discovery by 
security firms of the digital keys needed to decrypt affected data, 
effectively eliminated the threat from Cryptolocker.

Yet, ransomware is not dead, two recent analyses have found. Within a week 
of the takedown of Gameover Zeus and Cryptolocker, a surge of spam with 
links to a Cryptolocker copycat, known as Cryptowall, resulted in a jump 
in ransomware infections, states a report released last week by 
security-services firm Dell Secureworks. Cryptowall first appeared in 
November 2013, and spread slowly, but the group behind the program were 
ready to take advantage of the vacuum left by the downfall of its 
predecessor.

Being prepared paid off: In six months, the Cryptowall group infected 
nearly 625,000 systems, and even though only 0.27% of victims paid, the 
group still made $1.1 million, according to data from a 
command-and-control server discovered by Dell Secureworks. Ransomware is 
here to stay, the company concluded.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/