FBI and GCHQ investigate Dridex malware after millions stolen from bank accounts


An investigation spanning the US and Europe is under way after tens of millions of dollars was stolen from bank accounts. The thefts are believed to have been facilitated by a strain of malware known variously as Dridex, Bugat, and Cridex, enabling a group known as Evil Corp to siphon off funds.

The malware has been known about for some time, but law enforcement agencies have only just started to make significant inroads that could thwart the activities of the botnet. An arrest has now been made in connection with the malware, which hijacked online banking login pages on infected computers. After stealing usernames and passwords, taking money from accounts was a simple task.

Europol, the FBI, GCHQ, and the UK's Computer Emergency Response Team are working together to fight what has been described as the worst cyber-attack ever seen. It was thought that agencies had managed to stop the botnet in its tracks, but now there are fears that attacks are starting up once again.

Mike Hulett from the UK's National Crime Agency said:

This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.

Dridex is believed to target small to medium-sized businesses rather than individuals or large organizations, and it was spread through emails crafted to fool finance departments.

The US Department of Justice has just released details of an arrest that was made in August:

Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment unsealed today in the Western District of Pennsylvania with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.  Ghinkul was arrested on Aug. 28, 2015 in Cyprus.  The United States is seeking his extradition.

The US Computer Emergency Readiness Team has set up a page detailing the tools that can be used to check for and remove the malware.

Photo credit: wk1003mike / Shutterstock


© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.