Department of Justice Provides Update on GameOver Zeus and Cryptolocker Disruption

U.S. Department of Justice July 11, 2014


WASHINGTON—The Justice Department today filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the GameOver Zeus botnet and the malicious software known as Cryptolocker. The disruption began in late May, when the Justice Department implemented a series of Court-authorized measures to neutralize GameOver Zeus and Cryptolocker—two of the most sophisticated and destructive forms of malicious software in existence.

In the status report, the Justice Department informed the court that the technical and legal measures undertaken to disrupt GameOver Zeus and Cryptolocker have proven successful, and that significant progress has been made in remediating computers infected with GameOver Zeus.


The Justice Department reported that all or nearly all of the active computers infected with GameOver Zeus have been liberated from the criminals’ control and are now communicating exclusively with the substitute server established pursuant to court order. The Justice Department also reported that traffic data from the substitute server shows that remediation efforts by Internet service providers and victims have reduced the number of computers infected with GameOver Zeus by 31 percent since the disruption commenced.

The Justice Department also reported that Cryptolocker has been neutralized by the disruption and cannot communicate with the infrastructure used to control the malicious software. As a result, Cryptolocker is effectively non-functional and unable to encrypt newly infected computers.

Computer users who believe they may be infected with GameOver Zeus are encouraged to visit the Department of Homeland Security’s dedicated GameOver Zeus webpage, which is located at Among other resources, the webpage includes links to tools from trusted vendors that can detect and remove the GameOver Zeus infection.