Operation Tovar: What It Was and How A Key Botnet Was Eliminated
#1
Bug 
Quote:

How Heimdal Security took part in the global effort against the Gameover Zeus Botnet and CryptoLocker ransomware

Over the past years, organized malware disruptions have grown in speed and prominence as more and more businesses and law enforcement entities fought together. As Heimdal™ Security has always advocated for building strong connections and working together as a community, throughout the years we’ve been involved in global anti-cyberthreat operations such as the No More Ransom initiative or Operation Tovar to dismantle cybercriminal schemes.

As some of you might not know what Operation Tovar was, in this article I will shed some light on this topic and recount the story of how we, alongside many private and public organizations, played our role against the Gameover ZeuS botnet and CryptoLocker ransomware.

What is Operation Tovar?

Operation Tovar made headlines when it was first announced on June 2nd, 2014.

It was an international partnership between law enforcement agencies, security companies, and academic researchers against the Gameover ZeuS botnet, which was being used in bank fraud and the dissemination of the CryptoLocker ransomware.

The FBI reported that Gameover accounted for financial losses of over $100 million and that after the first two months of CryptoLocker’s distribution, more than $27 million in ransom payments were made.

Who participated in Operation Tovar?

In a press release following the takedown, the US Department of Justice stated who was involved in Operation Tovar, the multi-national action against Gameover Zeus Botnet and Cryptolocker Ransomware, as you can see below.

Law enforcement agencies:
  • the US-CERT
  • Australian Federal Police
  • the National Police of the Netherlands National High-Tech Crime Unit
  • European Cybercrime Centre (EC3)
  • Germany’s Bundeskriminalamt
  • France’s Police Judiciaire
  • Italy’s Polizia Postale e delle Comunicazioni
  • Japan’s National Police Agency
  • Luxembourg’s Police Grand Ducale
  • New Zealand Police
  • the Royal Canadian Mounted Police
  • Ukraine’s Ministry of Internal Affairs – Division for Combating Cyber Crime
  • the United Kingdom’s National Crime Agency
  • the Defense Criminal Investigative Service of the U.S. Department of Defense
Valuable technical assistance was also provided by:
  • Dell SecureWorks
  • CrowdStrike
  • Microsoft
  • Afilias
  • F-Secure
  • Level 3 Communications
  • McAfee
  • Neustar
  • Shadowserver
  • Anubis Networks
  • Symantec
  • Heimdal Security
  • Sophos
  • Trend Micro
  • Carnegie Mellon University
  • Georgia Institute of Technology (Georgia Tech).
 
Quote: “Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI Executive Assistant Director Anderson. “The efforts announced today are a direct result of the effective relationships we have with our partners in the private sector, international law enforcement, and within the U.S. government.”

Who was the target of Operation Tovar?

Evgeniy Mikhailovich Bogachev was the subject of the investigations, being charged by the Department of Justice and wanted by the FBI for his role as the leader of the ZeuS Gameover botnet. Four other suspects were indicted as well.

Bogachev (who was using the online nicknames “lucky12345” and “slavik”) is a Russian citizen charged with illegal activities such as bank fraud, money laundering, wire fraud, and conspiracies to violate the Computer Fraud and Abuse Act and the Identity Theft and Assumption Deterrence Act.

He was involved in the spread of malicious software known as “Zeus” on the victims’ computers. This type of malware intercepted bank account numbers, passwords, personal identification numbers, and other banking credentials. While Bogachev acted as an administrator, others involved in the scheme distributed spam and phishing emails, which included links to malicious web sites.

The victims who accessed these URLs were infected with malware that was used by Bogachev and others to extract money from their bank accounts.
...

