Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Results 2 Restitution and victims 3 Participating law enforcement agencies 4 See also 5 References

Operation Tovar

●Italiano ●日本語 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

This article may be in need of reorganization to comply with Wikipedia's layout guidelines. Please help by editing the article to make improvements to the overall structure. (January 2017) (Learn how and when to remove this message)

Operation Tovar
Operation Name	Operation Tovar
Roster
Executed by	U.S. Department of Justice, U.S. Federal Bureau of Investigation, U.K. National Crime Agency
Countries Participated	United States, United Kingdom, South African Police Service, Australia, Netherlands, Germany, Luxembourg, Ukraine, Canada, New Zealand, Japan, Italy, and France
# of Countries Participated	13
Mission
Target	Gameover ZeuS botnet
Method	undisclosed
Timeline
Date begin	Before June 2014
Results
Arrests	2+
Accounting

Operation Tovar was an international collaborative operation carried out by law enforcement agencies from multiple countries against the Gameover ZeuS botnet, which was believed by the investigators to have been used in bank fraud and the distribution of the CryptoLocker ransomware.^[1]

In early June 2014, the U.S. Department of Justice announced that Operation Tovar had temporarily succeeded in cutting communication between Gameover ZeuS and its command-and-control servers.^[1]^[2]^[3]

The criminals attempted to send a copy of their database to a safe location, but it was intercepted by agencies already in control of part of the network.

Results[edit]

Russian Evgeniy Bogachev, aka "lucky12345" and "Slavik", was charged by the US FBI for being the ringleader of the gang behind Gameover Zeus and Cryptolocker. The database indicates the scale of the attack, and it makes decryption of CryptoLocked files possible.

Restitution and victims[edit]

In August 2014 security firms involved in the shutdown, Fox-IT and FireEye, created a portal, called Decrypt Cryptolocker, which allows any of the 500,000 victims to find the key to unlock their files. Victims need to submit an encrypted file without sensitive information, which allows the unlockers to deduce which encryption key was used. It is possible that not all CryptoLocked files can be decrypted, nor files encrypted by different ransomware.^[4]^[5]^[6]

Analysis of data that became available after the network was taken down indicated that about 1.3% of those infected had paid the ransom; many had been able to recover files that had been backed up, and others are believed to have lost huge amounts of data. Nonetheless, the gang was believed to have extorted about US$300m.^[4]

Participating law enforcement agencies[edit]

Europol
European Cybercrime Centre (EC3);
United States
- Department of Justice (DOJ)
- Federal Bureau of Investigation (FBI)
- Defense Criminal Investigative Service of the U.S. Department of Defense^[3] (DOD)
United Kingdom - U.K. National Crime Agency (NCA)
South Africa - South African Police Service.
Australia - Australian Federal Police (AFP)
Netherlands -
- Dutch National Police
- National Criminal Investigation Service
Germany - Bundeskriminalamt (BKA)
France - Police Judiciaire
Italy - Polizia Postale e delle Comunicazioni
Japan - National Police Agency
Luxembourg - Police Grand Ducale
New Zealand - New Zealand Police
Canada - Royal Canadian Mounted Police
Ukraine
- Ministry of Internal Affairs
- Division for Combating Cyber Crime.

Law enforcement worked together with a number of security companies and academic researchers,^[2]^[7] including Dell SecureWorks, Deloitte Cyber Risk Services, Microsoft Corporation, Abuse.ch, Afilias, F-Secure, Level 3 Communications, McAfee, Neustar, Shadowserver, Anubisnetworks, Symantec, Heimdal Security, Sophos and Trend Micro, and academic researchers from Carnegie Mellon University, the Georgia Institute of Technology,^[3] VU University Amsterdam and Saarland University.^[2]

References[edit]

^ ^a ^b Storm, Darlene (June 2, 2014). "Wham bam: Global Operation Tovar whacks CryptoLocker ransomware & GameOver Zeus botnet". Computerworld. Archived from the original on March 13, 2023. Retrieved March 23, 2023.

^ ^a ^b ^c Brian, Krebs (2 June 2014). "'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge". Krebs on Security. Archived from the original on 4 June 2014. Retrieved 4 June 2014.

^ ^a ^b ^c "U.S. Leads Multi-National Action Against "Gameover Zeus" Botnet and "Cryptolocker" Ransomware, Charges Botnet Administrator" (Press release). U.S. Department of Justice. 2 June 2014. Archived from the original on 3 September 2014. Retrieved 22 November 2020.

^ ^a ^b "Cryptolocker victims to get files back for free". BBC News. 6 August 2014. Archived from the original on 13 January 2020. Retrieved 21 June 2018.

^ Osborne, Charlie (6 June 2014). "FireEye, Fox-IT launch free service to combat Cryptolocker ransomware". ZDNET. Archived from the original on 3 July 2022. Retrieved 23 March 2023.

^ Wilhoit, Kyle; Dawda, Uttang. "Your Locker of Information for CryptoLocker Decryption". FireEye. Archived from the original on 8 August 2014.

^ Dunn, John E. (2 June 2014). "Operation Tovar disconnects Gameover Zeus and CryptoLocker malware - but only for two weeks". TechWorld. Archived from the original on 6 June 2014. Retrieved 4 June 2014.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Vault7 data breach Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Major vulnerabilities
publicly disclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=Operation_Tovar&oldid=1221856405" Categories: ●Cybercrime ●Multinational law enforcement operations ●Federal Bureau of Investigation operations ●U.K. National Crime Agency Operations ●Law enforcement operations in Australia ●Law enforcement operations in Canada ●Law enforcement operations in Germany ●Police operations in France Hidden categories: ●Articles with short description ●Short description matches Wikidata ●Wikipedia articles needing reorganization from January 2017 ●This page was last edited on 2 May 2024, at 11:50 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view