AfterDawn: Tech news

U.S. identifies Russian linked to Cryptolocker, Gameover ZeuS

Written by James Delahunty @ 02 Jun 2014 7:52

The U.S. has charged a Russian man in connection with the Gameover Zeus botnet and the Cryptolocker ransomware, which have cost businesses and consumers millions of dollars.
As we reported, the FBI coordinated with international counterparts in several countries and with private companies to take measures aimed at stifling the operations of the Gameover Zeus botnet and Cryptolocker ransomware.

In addition to those technical actions, the Department of Justice also unsealed criminal charges in Pittsburgh, Pennsylvania, and Omaha, Nebraska, against an administrator of the botnet. The administrator is identified as Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russian Federation.


He has been charged with conspiracy, computer hacking, wire fraud, bank fraud and money laundering in Pittsburgh. He was also charged by criminal complaint in Omaha with conspiracy to commit bank fraud related to his alleged involvement in the operation of a prior variant of Zeus malware known as "Jabber Zeus."

In a civil injunction application filed by the United States in federal court in Pittsburgh, Bogachev is alleged to be the leader of a gang of cybercriminals based in Russia and Ukraine allegedly responsible for the development of Gameover Zeus and Cryptolocker.

Bogachev allegedly used the online nicknames "Slavik" and "Pollingsoon," and is also believed to be the "Lucky12345" who was previously the subject of criminal charges in September 2012.

Wanted by the FBI

Evgeniy Bogachev has been added to the FBI's archive of wanted individuals. He is described as being 30 years of age, approximately 5'9" and weighing about 180 lb. He is suspected to be residing in Russia.

Here is the FBI's account of his alleged historical criminal activities.

Evgeniy Mikhailovich Bogachev, using the online monikers "lucky12345" and "slavik", is wanted for his alleged involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as "Zeus" on victims' computers. The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts. While Bogachev knowingly acted in a role as an administrator, others involved in the scheme conspired to distribute spam and phishing emails, which contained links to compromised web sites. Victims who visited these web sites were infected with the malware, which Bogachev and others utilized to steal money from the victims' bank accounts. This online account takeover fraud has been investigated by the FBI since the summer of 2009.
Starting in September of 2011, the FBI began investigating a modified version of the Zeus Trojan, known as Gameover Zeus (GOZ). It is believed GOZ is responsible for more than one million computer infections, resulting in financial losses in the hundreds of millions of dollars.

On August 22, 2012, Bogachev was indicted under the nickname "lucky12345" by a federal grand jury in the District of Nebraska on charges of Conspiracy to Participate in Racketeering Activity; Bank Fraud; Conspiracy to Violate the Computer Fraud and Abuse Act; Conspiracy to Violate the Identity Theft and Assumption Deterrence Act; and Aggravated Identity Theft. On May 19, 2014, Bogachev was indicted in his true name by a federal grand jury in the Western District of Pennsylvania on charges of Conspiracy; Computer Fraud; Wire Fraud; Bank Fraud; and Money Laundering. On May 30, 2014, a criminal complaint was issued in the District of Nebraska that ties the previously indicted nickname of "lucky12345" to Bogachev and charges him with Conspiracy to Commit Bank Fraud.


4 user comments

Comment 1, 3.6.2014 11:21


It's a lot easier being righteous than right.

DSE VZ300-
Zilog Z80 CPU, 32KB RAM (16K+16K cartridge), video processor 6847, 2KB video RAM, 16 colours (text mode), 5.25" FDD

Comment 2, 3.6.2014 23:22

And people wonder why companies and government agencies like the NSA take extreme measures to try and find idiots like this. They probably downloaded his picture from the net. Good for them!!

Comment 3, 7.6.2014 21:11

Originally posted by Jemborg:
You're being rather kind to this shite-stain are you not Jem...
How you doing buddy

Comment 4, 7.6.2014 22:04

Cheers Chappers. I guess that's my righteous side haha.

Can't complain... hope you're doing well.

