Powerful computer virus could start emptying bank accounts in a fortnight unless Britons protect against attack now, National Crime Agency warns


By Chris Greenwood

Published: 15:11 EST, 2 June 2014 | Updated: 15:54 EST, 3 June 2014




The U.S. Justice Department has filed papers accusing Russian Evgeniy Mikhailovich Bogachev, pictured, of being the leader of the gang behind the software.

He is wanted for being the alleged mastermind in a global multi-million dollar cyber crime which has put thousands of British computer users at risk.

But the Russian man suspected of being behind the so-called Gameover Zeus ransom virus may become a thorn in the FBI's side - in the same way as ex-CIA employee Edward Snowden, who is fighting extradition to the U.S. over claims he leaked secret surveillance documents.

Evgeniy Mikhailovich Bogachev was last night accused of being the head of an international gang behind the software.

But there are already fears that the 30-year-old may never be arrested as Russia does not extradite accused criminals to other countries.

It comes as computer users were last night warned to take urgent action to protect themselves from a global cyber virus pandemic.

Police across the globe launched an unprecedented attack on high-tech criminals behind software causing misery to millions.

The computers of more than 15,000 people in the UK are already infected with a virus that could cost our economy ‘millions’, the National Crime Agency (NCA) warned.

But the grip of those behind the so-called ‘malware’ has been weakened by a counter attack on the servers which control the software.

Prosecutors have pointed the finger at Bogachev who they claimed was the head of a set-up consisting of criminals in the UK as well as in Russia and Ukraine.

Computer experts said computer users must install anti-virus software and update their operating systems to the latest versions to stop it regaining its hold.

Those who fail to do so risk having their valuable data, including precious photographs, music and personal files held to ransom.

The FBI called the alleged ringleader, 30-year-old Evgeniy Bogachev, one of the most prolific cyber criminals in the world and issued a 'Wanted' poster, pictured, that lists his online monikers and describes him as a boating enthusiast.

In the worst cases, victims could lose access to their bank accounts which could be systematically drained by the criminal network.

The software, called Gameover Zeus, has spread worldwide but has been temporarily disabled by the international effort by law enforcement agencies.

Potential victims can protect themselves but have only a short time to do so before the hackers can rebuild their network.

The international effort, by forces including the NCA, Interpol and Europol, targeted the ‘command and control’ servers behind the virus.


Hackers will be able to install new ones, but it is thought that there will be a window of opportunity of at least two weeks for computer users to protect themselves.

Many of those whose computers have already been infected will be contacted by their internet service providers.

The software installs itself on a computer when the victim clicks on a link in an unsolicited email or via a website.



Could Russian Evgeniy Mikhailovich Bogachev, pictured, be behind the global cyber virus pandemic?

He is the man suspected of being behind a gang that has sparked a global cyber virus pandemic.

But the FBI has already spent years looking for Russian Evgeniy Mikhailovich Bogachev who uses the online names ‘lucky12345’ and ‘slavik’.

The 30-year-old is wanted for his alleged involvement in a ‘racketeering enterprise’ that installed malicious software known as ‘Zeus’ on victims’ computers.

The software was used to capture bank account numbers, passwords, personal identification numbers, and other information needed to log into online banking accounts.

The FBI believes Bogachev knowingly acted in a role as an administrator while others involved in the scheme conspired to distribute spam and phishing emails, which contained links to compromised websites.

Victims who visited these web sites were infected with the malware, which Bogachev and others allegedly used to steal money from the victims’ bank accounts.

This online account takeover fraud has been investigated by the FBI since the summer of 2009.

Starting in September 2011, the FBI began investigating a modified version of the Zeus Trojan, known as Gameover Zeus (GOZ).

It is believed GOZ is responsible for more than one million computer infections, resulting in financial losses in the hundreds of millions of dollars.

On August 22, 2012, Bogachev was indicted under the nickname ‘lucky12345’ by a federal grand jury in the District of Nebraska on a number of charges including Bank Fraud, Conspiracy to Violate the Computer Fraud and Abuse Act and Aggravated Identity Theft.

On May 19, 2014, Bogachev was indicted in his true name by a federal grand jury in the Western District of Pennsylvania on charges of Conspiracy, Computer Fraud, Wire Fraud, Bank Fraud and Money Laundering.

Then just days ago on May 30, a criminal complaint was issued in the District of Nebraska that ties the previously indicted nickname of ‘lucky12345’ to Bogachev and charges him with Conspiracy to Commit Bank Fraud.

He is described as white with brown hair (though his head is usually shaved) and brown eyes. He is 5ft 9ins tall and weighs around 180 pounds (82kg).

Bogachev was last known to live in Anapa, Russia. He is believed to enjoy boating and may travel to locations along the Black Sea in his boat. He also owns property in Krasnodar, Russia.

The software then sends out more emails to lure further victims, without the knowledge of the computer users, and spreads quickly across the internet.

The virus lies dormant until it spots an opportunity to steal personal details such as online banking information and passwords.

It then transmits this information back to the criminal network who use it to drain the victim’s accounts.

In a further twist, if the user is not a ‘viable’ victim then the software locks the information on the computer and holds it to ransom.

At the moment the software demands one Bitcoin, an untraceable form of online currency favoured by criminals, which is around £300.

The U.S. Government admitted that at least one police force has been forced to pay this ransom to release sensitive files.


Last night, the U.S. Justice Department filed papers accusing a Russian named Evgeniy Mikhailovich Bogachev of being the leader of the gang behind the software.

The complaint claims the software has been responsible for the loss of more than $100m from individuals and a string of major companies.

Bogachev's operation, prosecutors say, consisted of criminals in Russia, Ukraine and the UK who were assigned different roles within the conspiracy.

Andy Archibald, of the NCA, said: ‘Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals.

‘By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.

‘Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action.

‘Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it, and think twice before clicking on links or attachments in unsolicited emails.’

While Bogachev has not been arrested, Deputy Attorney General James Cole said U.S. authorities were in contact with Russia to try to bring him into custody.

Computer users who fear they could fall victim to the virus are advised to install anti-virus software and ensure their operating system has the latest security updates.

It is thought that the gang first check if a target’s keyboard is in Russian and only strike if it is in another language.

Eunice Power is one British victim who has been blackmailed by the cyber criminals.

After corrupting files on her computer, the gang offered to fix the problem for several hundred pounds. 



Potential victims can protect themselves but have only a short time to do so before the hackers - whose attempts have been temporarily thwarted - can rebuild their network.

The US Department of Homeland Security urged users to install anti-virus software on their computer and ensure that the latest operating systems were also installed on their computers.

If systems do not offer automatic updates, people should enable them, the department said.

It also advised changing passwords, as original passwords may have been compromised during the infection.

The National Crime Agency advised computer users to consult the Government-backed getsafeonline.org website.

From that website, computer users can download tailored anti-virus software which has been provided for free by eight companies.

Symantec also advised computer users to review all their bank and credit card statements for irregularities.

It also advised being cautious when handling unsolicited or unexpected emails, particularly during the two-week window before hackers rebuild their network.

Experts have also warned users to back-up all valuable data.


Miss Power, a chef who runs a business from home, told Channel 4 News: ‘I could actually feel perspiration coming out through me.

‘I lost everything: family photographs, recipes, payroll, my accounts package. It was devastating.’

The attack was so complex that an external storage unit that was connected to the computer at the time was targeted by the gang, preventing Miss Power from accessing it.

AEV Ltd, a varnish factory in Birkenhead, was hit with ‘utter disaster’ when the criminals hacked into the company’s bank account to fake two payments costing £100,000.

The criminals created two fake payment pages and tricked an employee of the company into authorising them.

Managing director Jonathan Kemp said: ‘It started out as a normal day and ultimately by the afternoon in a period of three minutes we were £100,000 down.’

Although the company was refunded by the bank, Mr Kemp said he spoke to other companies who had been hit by the scam, putting their combined losses at £3.5 million.

Stewart Garrick, from the National Cyber Crime Unit, said that solicitor firms, police stations in America and academic institutions had been targeted.

Charlie McMurdie, former head of the national ecrime unit, described the threat as a ‘cyber plague’ and warned that it could also be used to target mobile phones.

She said: ‘Once one of these plagues is released everybody will pick up on it, adapt it and people around the world will be using these sorts of virus to carry out crime.

‘It’s not just computers, this kind of malware is now hitting our mobile phones.

‘It can have a significant impact on individuals and companies.’

She said that the virus ‘had been known about for a long period of time’ and said that warnings about the virus had been issued over the last few months.
