Security researchers at Heimdal Security and CSIS Security Group have claimed that the GOZeus takedown has effectively disrupted the operations of Cryptolocker and has also had a negative effect on the ransomware’s infection rate.
Feds disrupted the GOZeus botnet earlier this month under ‘Operation Tovar’, which also had a negative effect on Cryptolocker, as it is believed that the two pieces of malware were closely linked and that the ransomware used GOZeus as its spreading mechanism.
It is believed that GOZeus and Cryptolocker were created by the same criminal gang, and because of that the takedown had a knock-on effect on new infection rates of Cryptolocker.
“At the beginning of May this year, we saw a high rate of new Cryptolocker infections, with as many as 5.000 new infections per day”, said Heimdal Security’s CEO, Morten Kjaersgaard.
“Later in May, infections even peaked at a very high number of 8.000 infections per day,”
The security companies have revealed that infection rates, which were at a peak of 50,000 new systems a week, have plummeted to close to zero.
This doesn’t mean that already infected systems are in the clear as the disruption of GOZeus didn’t clean systems that are already infected. Further, there has been no visible decline in the number of systems that are already infected.
However, the near-vertical decline in new Cryptolocker infections clearly indicates how important GOZeus was for the ransomware.
According to the FBI, GOZeus has inflicted damages to the tune of over $100 million, while some estimates peg Cryptolocker to have earned its creators more than $27 million in ransom payments within just 2 months of its first appearance in September 2013.
The UK’s National Crime Agency (NCA) has issued a warning asking Brits to prepare themselves for one of the larger cyber attack storms following the GOZeus takedown, stating that the creators of one of the deadliest Trojans and ransomware will try to find new ways to regain control of the botnet and/or create a new botnet with a range of new exploit mechanisms.