A cyber gang spanning multiple countries infected computers with GozNym malware. That malware led to over $100 million being skilled from personal bank accounts before the criminals were finally caught.
Ranging from the US to Bulgaria, Germany, Georgia, Moldova and Ukraine, the police operation was decidedly complex as they tracked the gang across borders.
The gang consisted of criminals who advertised their prowess on online forums.
- So far, according to the BBC, ten members have been charged in Pittsburgh, US, ranging from stealing money to laundering.
- Five Russians remain on the run, including the GozNym designer.
- The leader and his assistant face charges in Georgia.
- The criminal in charge of bank accounts has been extradited from the US to Bulgaria for trial.
- The person who encrypted the malware is facing prosecution in Moldova.
- Lastly, two members face laundering charges in Germany.
GozNym is a hybrid of Nymaim and Gozi, two pieces of pre-existing malware. Nymaim is used to get ransomware onto devices while Gozi is aimed at stealing financial information.
Combined in the GozNym form, the malware is a “double-headed monster,” as noted by an industry expert.
Those who received the “simple link” were giving the hackers their most intimate banking details. They stole over $100 million.
When the take-down operation was revealed at the Europol headquarters in The Hague, officials noted that the investigation was unprecedented due to the extensive cooperation and coordination needed by many governments from many countries.
A computer scientist from the University of Surrey, Prof Alan Woodward, has noted that this particular case highlights “how common the selling of nefarious cyber-skills has become.”
This “crime as a service” is an online trend that has been growing in recent years, switching organized crime from the streets to cyberspace.