Arrests in Europe and the US seem to have ended the cyber crime careers of the gang behind the GozNym banking malware.
According to Europol, which coordinated the pursuit of ten people in Ukraine, Moldova, Georgia, Bulgaria, Germany and the US, GozNym stole $100 million by infecting 41,000 devices around the world – mainly business computers.
Among those arrested were the network's alleged mastermind, arrested in Georgia, and another person in Ukraine who tried in vain to escape the police by producing a firearm. Five unnamed Russians remain on the run.
The GozNym malware was created sometime around 2015 by combining the code of two older pieces of malware: the well-known banking Trojan Gozi, which leaked in 2010, and the Nymaim dropper, a more recent piece of malware that is most commonly used to deliver ransomware attacks.
The hybrid combined the best of two somewhat different worlds, and appeared in 2016 in attacks against customers of two dozen American and Canadian banks.
The attacks used a familiar technique – spamming out the malware in phishing campaigns, or via exploit kits planted on websites; capturing online banking credentials; gaining access to those accounts to steal money; and laundering the money.
The GozNym network illustrated the concept of cyber crime as a service, with various criminal services such as bulletproof hosters, money mule networks, crypters, spammers, coders, organizers and technical support.
The gangs behind it were highly specialized in their roles, each performing different tasks, from coding and sending phishing emails to tending to the flow of cash from victims.
The breakthrough in mapping the people behind GozNym can be traced back to Europol's takedown of the Avalanche botnet in 2016. Avalanche had been used to host GozNym, which gave the police various leads.
The operation is distinguished by the unusual way in which it was conducted, with simultaneous prosecutions in four countries, and represented what Europol described as a "paradigm shift".
Normally, prosecutions are run piecemeal in different countries for reasons related to local law and the legal process.
A complicating factor is that a person can be arrested in one country for crimes committed in another, and the two countries may or may not have reciprocal extradition agreements.
Said Scott Brady of the US Attorney's Office for the Western District of Pennsylvania:
The response of law enforcement must be just as broad and limitless. We believe that this is the new blueprint for how we will attack cyber crime in the future.
This is good news – although unfortunately we suspect that there are still plenty of cyber criminals and malware to come…