The U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) has published a website to help victims of Gameover Zeus remove the malware.
In addition to the criminal charges announced Monday, U.S. law enforcement agencies have obtained civil and criminal court orders in Pittsburgh authorizing them to redirect the automated requests by victim computers away from the criminal operators to substitute servers established by investigators.
The order authorizes the FBI to obtain the Internet Protocol addresses of the victim computers reaching out to the substitute servers and to share that information with US-CERT, other countries' computer security agencies and private companies in an effort to assist victims of Gameover Zeus, the DOJ said. The FBI and other law enforcement agencies have not accessed the content of victims' computers or their electronic communications, the DOJ said.
Participating in the disruption operation were law enforcement agencies from Australia, the Netherlands, Germany, France, Italy, Japan, Canada, the Ukraine, the U.K. and other countries, the DOJ said.
In addition to the disruption operation against Gameover Zeus, the DOJ led a separate multi-national action to disrupt Cryptolocker, which began appearing about September 2013. The malware forces victims to pay as much as $700 to receive the keys necessary to unlock their files, the DOJ said.
By April, Cryptolocker had infected more than 234,000 computers, with approximately half of those in the U.S., the DOJ said. Victims made more than $27 million in ransom payments in the first two months after Cryptolocker emerged, according to one estimate.
Anyone claiming an interest in any of the property seized or actions enjoined pursuant to the court orders should visit the DOJ's Gameover Zeus website for notice of the full contents of the orders.