A band of hackers implanted viruses on hundreds of thousands of computers around the world, seized customer bank information and stole more than $100 million, the Justice Department said Monday in announcing charges against the Russian man accused of masterminding the effort.
Federal officials say they disrupted separate cyberthreats surprising for their sophistication and global reach. One scheme secretly diverted millions of dollars by intercepting bank-account numbers and passwords, and the other locked hacking victims out of their own computers and surrendered control only if ransom payments were made.
“The criminals effectively held for ransom every private email, business plan, child’s science project or family photograph — every single important and personal file stored on the victim’s computer,” Leslie Caldwell, the head of the Justice Department’s criminal division, said at a press conference.
The FBI described the alleged ringleader, Evgeniy Bogachev, as one of the most active cybercriminals in the world, and issued a Most Wanted poster to seek his arrest. He faces criminal charges in Pittsburgh and Nebraska. He was not in custody, but authorities say they are working to seek his arrest.
The charges come two weeks after officials revealed cyber-espionage charges against five Chinese army hackers accused of stealing trade secrets from American firms.
The indictment against Bogachev concerns only one victim, Haysite Reinforced Plastics of Erie, in northwestern Pennsylvania. According to the indictment, two of the transfers went through — one for about $198,000 and one for about $175,000, but Haysite was able to block the other six attempts.
Officials with the business did not immediately return phone calls for comment Monday. The accounts were with Pittsburgh-based PNC Bank, which declined to comment.
A related civil complaint gave other, brief descriptions of victim entities, including an unspecified American Indian tribe in Washington state; an insurance company and a firm that runs assisted-living centers in Pennsylvania; a local police department in Massachusetts; a pest-control company in North Carolina; and two Florida businesses, a restaurant and a regional bank.
The Florida bank lost nearly $7 million through an unauthorized wire transfer. The Massachusetts police department, on the other hand, lost $750 when it paid a ransom demanded by the malicious software that infected its computers.
Last week, a federal judge in Pittsburgh granted a temporary restraining order against Bogachev and the others, demanding that they cease such activities. That order was unsealed along with the charges Monday.