U.S., U.K. Law Enforcement Takes Down Dridex Botnet

The Dridex banking botnet, also known as Bugat or Cridex, takes a major hit after authorities take action. The botnet stole at least $10 million from victims.


The Dridex botnet is somewhat diminished today, following a coordinated U.S. and U.K. effort to disrupt the global banking malware threat. The Dridex botnet, also known as Bugat and Cridex, has pilfered millions of dollars from unsuspecting victims.

In the United States, the Federal Bureau of Investigation estimates that at least $10 million in direct financial losses can be attributed to Dridex. In the United Kingdom, the National Crime Agency estimates Dridex losses to be £20m (approximately U.S.$31 million).

"The Bugat/Dridex botnet, run by criminals in Moldova and elsewhere, harmed American citizens and entities," Assistant Attorney General Caldwell of the U.S. Justice Department's Criminal Division, said in a statement. "With our partners here and overseas, we will shut down these cross-border criminal schemes."

The Justice Department is charging a single individual in the case, Moldovan national Andrey Ghinkul, also known as Andrei Ghincul and Smilex. The indictment against Ghinkul includes charges of criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud. U.S. authorities arrested Ghinkul in Cyprus on Aug. 28, 2015, and are currently seeking his extradition.

While Ghinkul is the only individual being charged, the indictment alleges that Ghinkul conspired with "other persons known and unknown to the grand jury."

"This is a particularly virulent form of malware, and we have been working with our international law-enforcement partners, as well as key partners from industry, to mitigate the damage it causes," Mike Hulett, head of operations at the U.K.'s National Crime Agency's National Cyber Crime Unit, said in a statement. "Our investigation is ongoing, and we expect further arrests to be made."

Dridex uses multiple attack vectors to infect victims in a bid to steal banking information. In January, security vendor Trustwave reported a Dridex spam campaign that was generating 15,000 emails a day in an attack focused on users in the United Kingdom.

Dridex is a longtime adversary of European banks, and the gang behind it develops it on an ongoing basis to keep it as elusive as possible and to evade security mechanisms, said Limor Kessem, senior cyber-security evangelist at IBM Security. The entire Dridex botnet is sectioned into 15 regional botnets, and each has its own configuration and targets, she added.

Though U.S. and U.K. authorities have taken legal aim at Dridex, Kessem said the banking botnet may not be done yet. "While other botnets do see their operations end with a law-enforcement takedown, I'm not sure this is the last we'll hear from the Dridex gang," Kessem said. "We're closely monitoring for its resurrection. The next few weeks will be telling of the potential future of this Bugat-derived menace."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.