{
	"id": "12ef2178-c107-4c3f-830b-add4ae6f452b",
	"created_at": "2026-04-06T00:21:29.541468Z",
	"updated_at": "2026-04-10T03:21:42.828148Z",
	"deleted_at": null,
	"sha1_hash": "ce40833712b81d234d448a04c307ec2e76c1f443",
	"title": "U.S. Leads Multi-National Action Against “Gameover Zeus” Botnet and “Cryptolocker” Ransomware, Charges Botnet Administrator",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57689,
	"plain_text": "U.S. Leads Multi-National Action Against “Gameover Zeus”\r\nBotnet and “Cryptolocker” Ransomware, Charges Botnet\r\nAdministrator\r\nPublished: 2014-06-02 · Archived: 2026-04-05 21:56:02 UTC\r\nThe Justice Department today announced a multi-national effort to disrupt the Gameover Zeus Botnet – a global\r\nnetwork of infected victim computers used by cyber criminals to steal millions of dollars from businesses and\r\nconsumers – and unsealed criminal charges in Pittsburgh, Pennsylvania, and Omaha, Nebraska, against an\r\nadministrator of the botnet. In a separate action, U.S. and foreign law enforcement officials worked together to\r\nseize computer servers central to the malicious software or “malware” known as Cryptolocker, a form of\r\n“ransomware” that encrypts the files on victims’ computers until they pay a ransom.\r\nDeputy Attorney General James M. Cole, Assistant Attorney General Leslie R. Caldwell of the Justice\r\nDepartment’s Criminal Division, FBI Executive Assistant Director Robert Anderson Jr., U.S. Attorney David J.\r\nHickton of the Western District of Pennsylvania, U.S. Attorney Deborah R. Gilg of the District of Nebraska, and\r\nDepartment of Homeland Security’s (DHS) Deputy Under Secretary Dr. Phyllis Schneck made the announcement.\r\nVictims of Gameover Zeus may use the following website created by DHS’s Computer Emergency Readiness\r\nTeam (US-CERT) for assistance in removing the malware:\r\nhttps://www.us-cert.gov/gameoverzeus\r\n.\r\nhttps://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware\r\nPage 1 of 4\n\n“This operation disrupted a global botnet that had stolen millions from businesses and consumers as well as a\r\ncomplex ransomware scheme that secretly encrypted hard drives and then demanded payments for giving users\r\naccess to their own files and data,” said Deputy Attorney General Cole. 
“We succeeded in disabling Gameover\r\nZeus and Cryptolocker only because we blended innovative legal and technical tactics with traditional law\r\nenforcement tools and developed strong working relationships with private industry experts and law enforcement\r\ncounterparts in more than 10 countries around the world.”\r\n“These schemes were highly sophisticated and\r\nimmensely lucrative, and the cyber criminals did not make them easy to reach or disrupt,” said Assistant Attorney\r\nGeneral Caldwell. “But under the leadership of the Justice Department, U.S. law enforcement, foreign partners in\r\nmore than 10 different countries and numerous private sector partners joined together to disrupt both these\r\nschemes. Through these court-authorized operations, we have started to repair the damage the cyber criminals\r\nhave caused over the past few years, we are helping victims regain control of their own computers, and we are\r\nprotecting future potential victims from attack.”\r\n“Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” said FBI\r\nExecutive Assistant Director Anderson. “The efforts announced today are a direct result of the effective\r\nrelationships we have with our partners in the private sector, international law enforcement, and within the U.S.\r\ngovernment.”\r\n“The borderless, insidious nature of computer hacking and cybertheft requires us to be bold and imaginative,” said\r\nU.S. Attorney Hickton.  “We take this action on behalf of hundreds of thousands of computer users who were\r\nunwittingly infected and victimized.”\r\n“The sophisticated computer malware targeting of U.S. victims by a global criminal enterprise demonstrates the\r\ngrave threat of cybercrime to our citizens,” said U.S. Attorney Gilg.  “We are grateful for the outstanding\r\ncollaboration of our international and U.S. 
law enforcement partners in this successful investigation.”\r\n“The FBI has demonstrated great leadership in continuing to help combat cyber crime, and our international and\r\nprivate sector partners have made enormous contributions as well,” said Deputy Under Secretary Schneck. “This\r\ncollective effort reflects our ‘whole-of-government’ approach to cybersecurity.  DHS is proud to support our\r\npartners in helping to identify compromised computers, sharing that information rapidly, and developing useful\r\ninformation and mitigation strategies to help the owners of hacked systems.”\r\nGameover Zeus Administrator Charged\r\nA federal grand jury in Pittsburgh unsealed a 14-count indictment against Evgeniy Mikhailovich Bogachev, 30, of\r\nAnapa, Russian Federation, charging him with conspiracy, computer hacking, wire fraud, bank fraud and money\r\nlaundering in connection with his alleged role as an administrator of the Gameover Zeus botnet. Bogachev was\r\nalso charged by criminal complaint in Omaha with conspiracy to commit bank fraud related to his alleged\r\ninvolvement in the operation of a prior variant of Zeus malware known as “Jabber Zeus.”\r\nIn a separate civil injunction application filed by the United States in federal court in Pittsburgh, Bogachev is\r\nidentified as a leader of a tightly knit gang of cyber criminals based in Russia and Ukraine that is responsible for\r\nthe development and operation of both the Gameover Zeus and Cryptolocker schemes. An investigation led in\r\nWashington, D.C., identified the Gameover Zeus network as a common distribution mechanism for Cryptolocker.\r\nUnsolicited emails containing an infected file purporting to be a voicemail or shipping confirmation are also\r\nwidely used to distribute Cryptolocker. When opened, those attachments infect victims’ computers. 
Bogachev is\r\nalleged in the civil filing to be an administrator of both Gameover Zeus and Cryptolocker. The injunction filing\r\nfurther alleges that Bogachev is linked to the well-known online nicknames “Slavik” and “Pollingsoon,” among\r\nothers. The criminal complaint filed in Omaha alleges that Bogachev also used “Lucky12345,” a well-known\r\nonline moniker previously the subject of criminal charges in September 2012 that were unsealed in Omaha on\r\nApril 11, 2014.\r\nDisruption of Gameover Zeus Botnet\r\nGameover Zeus, also known as “Peer-to-Peer Zeus,” is an extremely\r\nsophisticated type of malware designed to steal banking and other credentials from the computers it infects.\r\nUnknown to their rightful owners, the infected computers also secretly become part of a global network of\r\ncompromised computers known as a “botnet,” a powerful online tool that cyber criminals can use for numerous\r\ncriminal purposes besides stealing confidential information from the infected machines themselves. Gameover\r\nZeus, which first emerged around September 2011, is the latest version of Zeus malware that began appearing at\r\nleast as early as 2007. Gameover Zeus’s decentralized, peer-to-peer structure differentiates it from earlier Zeus\r\nvariants. Security researchers estimate that between 500,000 and 1 million computers worldwide are infected with\r\nGameover Zeus, and that approximately 25 percent of the infected computers are located in the United States. The\r\nprincipal purpose of the botnet is to capture banking credentials from infected computers. Those credentials are\r\nthen used to initiate or re-direct wire transfers to accounts overseas that are controlled by cyber criminals. 
The FBI\r\nestimates that Gameover Zeus is responsible for more than $100 million in losses.\r\nThe Gameover Zeus botnet operates silently on victim computers by directing those computers to reach out to\r\nreceive commands from other computers in the botnet and to funnel stolen banking credentials back to the\r\ncriminals who control the botnet. For this reason, in addition to the criminal charges announced today, the United\r\nStates obtained civil and criminal court orders in federal court in Pittsburgh authorizing measures to redirect the\r\nautomated requests by victim computers for additional instructions away from the criminal operators to substitute\r\nservers established pursuant to court order. The order authorizes the FBI to obtain the Internet Protocol addresses\r\nof the victim computers reaching out to the substitute servers and to provide that information to US-CERT to\r\ndistribute to other countries’ CERTS and private industry to assist victims in removing the Gameover Zeus\r\nmalware from their computers. At no point during the operation did the FBI or law enforcement access the content\r\nof any of the victims' computers or electronic communications.\r\nBesides the United States, law enforcement from the Australian Federal Police; the National Police of the\r\nNetherlands National High Tech Crime Unit; European Cybercrime Centre (EC3); Germany’s\r\nBundeskriminalamt; France’s Police Judiciare; Italy’s Polizia Postale e delle Comunicazioni; Japan’s National\r\nPolice Agency; Luxembourg’s Police Grand Ducale; New Zealand Police; the Royal Canadian Mounted Police;\r\nUkraine’s Ministry of Internal Affairs – Division for Combating Cyber Crime; and the United Kingdom’s National\r\nCrime Agency participated in the operation. The Defense Criminal Investigative Service of the U.S. Department\r\nof Defense also participated in the investigation.\r\nInvaluable technical assistance was provided by Dell SecureWorks and CrowdStrike. 
Numerous other companies\r\nalso provided assistance, including facilitating efforts by victims to remediate the damage to their computers\r\ninflicted by Gameover Zeus. These companies include Microsoft Corporation, Abuse.ch, Afilias, F-Secure, Level\r\n3 Communications, McAfee, Neustar, Shadowserver, Anubis Networks, Symantec, Heimdal Security, Sophos and\r\nTrend Micro.\r\nThe DHS National Cybersecurity and Communications Integration Center (NCCIC), which houses the US-CERT,\r\nplays a key role in triaging and collaboratively responding to the threat by providing technical assistance to\r\ninformation system operators, disseminating timely mitigation strategies to known victims, and sharing actionable\r\ninformation to the broader community to help prevent further infections.\r\nDisruption of Cryptolocker\r\nIn addition to\r\nthe disruption operation against Gameover Zeus, the Justice Department led a separate multi-national action to\r\ndisrupt the malware known as Cryptolocker (sometimes written as “CryptoLocker”), which began appearing about\r\nSeptember 2013 and is also a highly sophisticated malware that uses cryptographic key pairs to encrypt the\r\ncomputer files of its victims. Victims are forced to pay hundreds of dollars and often as much as $700 or more to\r\nreceive the key necessary to unlock their files. If the victim does not pay the ransom, it is impossible to recover\r\ntheir files.\r\nSecurity researchers estimate that, as of April 2014, Cryptolocker had infected more than 234,000 computers, with\r\napproximately half of those in the United States. 
One estimate indicates that more than $27 million in ransom\r\npayments were made in just the first two months since Cryptolocker emerged.\r\nThe law enforcement actions against Cryptolocker are the result of an ongoing criminal investigation by the FBI’s\r\nWashington Field Office, in coordination with law enforcement counterparts from Canada, Germany,\r\nLuxembourg, the Netherlands, United Kingdom and Ukraine.\r\nCompanies such as Dell SecureWorks and Deloitte Cyber Risk Services also assisted in the operation against\r\nCryptolocker, as did Carnegie Mellon University and the Georgia Institute of Technology (Georgia Tech). The\r\njoint effort aided the FBI in identifying and seizing computer servers acting as command and control hubs for the\r\nCryptolocker malware.\r\nThe FBI’s Omaha and Pittsburgh Field Offices led both malware disruptions and conducted the investigation of\r\nBogachev. The prosecution in Pittsburgh is being handled by Assistant U.S. Attorney Shardul Desai of the Western\r\nDistrict of Pennsylvania, and the prosecution in Omaha by Trial Attorney William A. Hall of the Criminal\r\nDivision’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Steven Russell\r\nof the District of Nebraska. The civil action to disrupt the Gameover Zeus botnet and Cryptolocker malware is led\r\nby Trial Attorneys Ethan Arenson and David Aaron of CCIPS and Assistant U.S. Attorney Michael A. 
Comber of\r\nthe Western District of Pennsylvania.\r\nThe Criminal Division’s Office of International Affairs provided significant assistance throughout the criminal and\r\ncivil investigations.\r\nThe details contained in the indictment, criminal complaint and related pleadings are merely accusations, and the\r\ndefendant is presumed innocent unless and until proven guilty.\r\nAnyone claiming an interest in any of the property\r\nseized or actions enjoined pursuant to the court orders described in this release is advised to visit the following\r\nwebsite for notice of the full contents of the orders: http://www.justice.gov/opa/gameover-zeus.html .\r\nSource: https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware"
	],
	"report_names": [
		"us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434889,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ce40833712b81d234d448a04c307ec2e76c1f443.pdf",
		"text": "https://archive.orkl.eu/ce40833712b81d234d448a04c307ec2e76c1f443.txt",
		"img": "https://archive.orkl.eu/ce40833712b81d234d448a04c307ec2e76c1f443.jpg"
	}
}