The US-led operation to de-claw the Gameover Zeus botnet has uncovered 2,000 users in Singapore infected by the CryptoLocker ransom Trojan, authorities in the country have said.
Although it sounds like a small number of systems, the news offers a revealing glimpse into the scale of CryptoLocker’s silent and mostly unrecorded global spread since its appearance last September.
“The United States authorities found 2,000 affected users in Singapore and informed SingCERT, which is working with local Internet service providers to notify them,” said a spokesperson for the country’s Infocomm Development Authority.
“So far, no government e-services have been affected. We will continue to strengthen all government websites and e-services by taking the necessary security measures, such as checking and fixing vulnerabilities and patching software.”
Cutting CryptoLocker off from the botnet used to distribute it is important because it makes impossible for the malware to reinstate itself on the compromised system as it is being cleaned up.
In the UK, estimates put the number of affected systems at around 15,000 although this is probably an underestimate because it shows only a snapshot of those affected during the takedown.
The official body count for CryptoLocker is around somewhere between 500,000 and 1 million. Given that the FBI estimated Gameover Zeus’s global financial theft at over $100 million over a period of years, CryptoLocker probably accounted for a small but meaningful portion of that total.
Since the Gameover takedown, CryptoLocker has been stopped in its tracks, security firms estimate. The Russian citizen who allegedly headed the gang controlling Gameover Zeus was named along with his co-conspirators by the FBI as part of its operation.
CryptoLocker might be weakened, possibly forever, but the genre of ransom malware it so successfully demonstrated shows no sign of being on the way out. Already new variations on the theme have been spotted, including CryptoDefense/CryptoWall and, this week, Pandemiya.