Europol has dismantled a global cybercrime network that used the GozNym malware to steal approximately $100 million, the agency announced on Thursday.
Five members of the network have been apprehended in Georgia, Moldova, Ukraine and Russia, while five remain on the run. All ten have been charged in Pittsburgh, U.S. with conspiracy to infect victims’ computers with malware, steal login credentials and use them to syphon money out of victims’ accounts.
The criminals targeted mostly businesses and financial institutions, using the sophisticated GozNym malware to infect victims’ computers. The malware allowed them to steal login credentials and gain unauthorized access to victims’ online bank accounts, steal the money and then launder it through U.S. and foreign bank accounts.
Europol, which coordinated the action with Eurojust, the European Union’s Judicial Cooperation Unit, as well as the U.S. Justice Department, claims the criminals were highly specialized and well organized. They used their technical skills and a number of criminal services to recruit accomplices, perform phishing attacks, encrypt the malware to make it harder for anti-virus tools to detect, and launder the money.
The leader of the ring, as well as his technical assistant, are being prosecuted in Georgia.
GozNym is stealthy, advanced malware created from two different malware strains (Gozi ISFB and Nymaim) and designed to attack financial institutions, primarily in the U.S. Europol estimates that the criminal network stole from more than 41,000 victims using the malware.
According to Europol, the GozNym criminal network was provided with bulletproof hosting services by an administrator of the Avalanche network of compromised systems. The administrator’s apartment in Poltava, Ukraine, was searched in November 2016 and the network was dismantled. The administrator of Avalanche is now facing prosecution in Ukraine for his role in providing hosting services to the GozNym criminal network.