WASHINGTON — A band of hackers implanted viruses on hundreds of thousands of computers around the world, secretly seized customer bank information and stole more than $100 million from businesses and consumers, the Justice Department said Monday in announcing charges against the Russian man accused of masterminding the effort.
In unveiling the criminal case, federal authorities said they disrupted Europe-based cyber threats that were sophisticated, lucrative and global.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
In one scheme, the criminals infected computers with malicious software that captured bank account numbers and passwords, then used that information to secretly divert millions of dollars from victims' bank accounts to themselves. In another, they locked hacking victims out of their own computers, secretly encrypted personal files on the machines and returned control to the users only when ransom payments of several hundred dollars were made.
"The criminals effectively held for ransom every private email, business plan, child's science project or family photograph — every single important and personal file stored on the victim's computer," Leslie Caldwell, the head of the Justice Department's criminal division, said at a news conference.
The FBI called the alleged ringleader, Evgeniy Bogachev, 30, one of the most prolific cyber criminals in the world.
He has not been arrested, but Deputy Attorney General James Cole said U.S. authorities were in contact with Russia to try to bring him into custody.
Officials say the case is another stark reminder of the evolving cybercrime threat, although it's unrelated to the recently unsealed cyber-espionage indictment of five Chinese military hackers accused of stealing trade secrets from U.S. firms.
The group is accused in the development of both "Gameover Zeus" — a network of infected computers that intercepted customer bank account numbers and passwords that victims typed in — and "Cryptolocker," malicious software that hijacked victims' computers and demanded ransom payments. Computer users who refuse the ransom demands generally lose their files for good.
The victims of the different schemes included an American Indian tribe in Washington state, an insurance company and a firm that runs assisted living centers in Pennsylvania, a police department in Massachusetts, a pest control company in North Carolina and a restaurant operator in Florida.