Dridex malware taken down in global police sting

A global police operation has severely dented the impact of a malware strain that is thought to have cost Brits in the region of £20 million.

Dridex (sometimes referred to as Bugat or Cridex) spread to computers around the world through spam emails. Once a computer became infected, the malware would sit idle and wait until users loaded online banking sites, at which point it would switch to a login form connected to criminal infrastructure.

Armed with usernames and passwords, the criminals could then siphon off money, with estimates suggesting they could have made £20 million from UK account holders alone.

Good cop ‘Evil Corp’

The Dridex game looks to be up, though, thanks to a joint operation by the National Crime Agency (NCA), Spamhaus, GCHQ, the Metropolitan Police and the FBI – among others. They created sinkhole operations to poison the Dridex peer-to-peer network, effectively cutting off victims’ PCs from botnet masters. This was in addition to the arrest of the Dridex botnet administrator, Andrey Ghinkul, in Cyprus back in August.

Whilst the reach of Dridex could be huge, the public need not be too worried about whether they’re infected. Businesses, on the other hand, have more cause for concern. Evil Corp, which is behind the malware, focused more on companies than individuals. Furthermore, Ghinkul’s arrest brought about an immediate stop to Dridex’s spread.

That said, the malware still exists, so could be appropriated by other criminal groups operating their own botnets.

As always, Windows users are advised to keep their computers safe through up-to-date antivirus software. Plus, Word or Excel attachments from unknown sources should be treated with caution, and Microsoft Office macros should be disabled – or at least set to request permission. For further information regarding how to keep your business safe from threats speak to your IT support provider.

Head of operations at the NCA’s National Cyber Crime Unit, Mike Hulett, commented: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes.

“Our investigation is ongoing and we expect further arrests to be made.”

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Dridex malware taken down in global police sting

Good cop ‘Evil Corp’

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000