The hackers behind GameOver Zeus and CryptoLocker are likely working on other ransomware, according to a security researcher atCloudmark.
Last summer police and security firms allied to bring down a botnet behind the trojan virus and ransomware, but since then various copycats have emerged in the form of CryptoWall and TorrentLocker.
Andrew Conway, research analyst at Cloudmark, said: "GameOver Zeus was taken down and largely put out of business last year, but the perpetrators are still at large and they seem to have scattered."
He added that it was "very hard to say" whether particular bits of malware were developed by the gang behind CryptoLocker, or whether bits of source code from the old virus had merely been recycled by other crooks.
"Some of the code has been reused, but I’d be surprised if it wasn’t the same people in business," he said. "It’s probably the same people."
At the time of the takedown a US federal grand jury charged Russian Evgeniy Bogachev with conspiracy, computer hacking and fraud, whilst a civil injunction accused him of leading up a Ukrainian-Russian cyber-gang.
Asked why the hackers had not restored their old infrastructure and reused the viruses, as some had predicted would happen at the time, Conway declined to go into details.
"There were parts of the technological infrastructure that were attacked that people [in the GameOver Zeus gang] weren’t able to replace," he said, but would not say more.
"There’s a working group of security experts that was put together to deal with GameOver Zeus, and those people are still talking to one another and still organised."
