Same Cyber-Gang Behind Dridex, Locky and CryptoWall

News broke that the gang behind the devastating Dridex banking malware is also behind several other well-known malware families. According to Palo Alto Networks, the group initially distributed CryptoWall, and that was just the beginning: researchers now attribute the Locky ransomware to the same operators.

Locky is not just another virus. It is now on its third variant, which appends the .odin extension to encrypted files, and it is reported to infect on a massive scale (over 90 thousand infections per 24 hours). The ransom demanded is also reported to be high, at approximately 1 Bitcoin.

The cyber-gang behind Dridex, believed to operate from Russia, is most likely the biggest one at the moment. It has generated enormous profits up to this point and has the resources to keep developing its ransomware and spreading it massively.

Researchers at KnowBe4 also reported Dridex spam campaigns sending out millions of malicious emails with archived files (.zip, .rar) as attachments. These archives carry .js files that, once opened, drop malware such as Locky.

The Dridex trojan itself is an evolved version of an older Trojan horse known as Cridex. This malware was created mainly to steal bank account information from infected computers and send it to remote servers. It became so widespread because it was concealed in the macros of documents posing as important paperwork, such as invoices and confirmation letters.

Dridex attacks slowly declined after Microsoft tightened security by disabling macros in Office documents by default, so the malicious macro only runs if the user explicitly enables it.
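Both delivery mechanisms described above, an archive attachment hiding a .js dropper and an Office document carrying a VBA macro project, can be caught by inspecting the attachment before it reaches the user. The following is an added example for this article, not SensorsTechForum's or any vendor's code: it scans zip-based attachments (plain .zip archives and OOXML documents, which are zips as well) for Windows script files and for embedded vbaProject.bin parts. The script extension list is an assumption, .rar archives are not handled (they need a third-party module), and every attachment below is constructed in memory for the demo.

```python
"""Check attachments for the two tricks above: archives carrying script
files, and Office documents carrying a VBA project.  Added example, not
the original article's code; all sample attachments are constructed here."""
import io
import zipfile

# Extensions Windows Script Host runs on double-click (assumed list).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# OOXML stores macros in these parts; a .docm/.xlsm/.pptm with VBA has one.
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
ZIP_MAGIC = b"PK\x03\x04"


def _extension(name):
    # Last suffix only: "Invoice.pdf.js" -> ".js", the double-extension trick.
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def scan_attachment(data, depth=0, max_depth=3):
    """Return (kind, path) reasons to block a zip-based attachment.
    kind is "script" for a Windows script member or "vba" for a macro
    project; nested zips (and Office docs inside zips) are scanned too.
    Non-zip data yields an empty list."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if name in VBA_PARTS:
                reasons.append(("vba", name))
                continue
            if _extension(name) in SCRIPT_EXTENSIONS:
                reasons.append(("script", name))
                continue
            content = zf.read(info)  # members are small in this demo
            if content[:4] == ZIP_MAGIC and depth < max_depth:
                # Archive-in-archive or document-in-archive: recurse and
                # prefix the inner path so the report shows where it sat.
                inner = scan_attachment(content, depth + 1, max_depth)
                reasons.extend((kind, name + "/" + path) for kind, path in inner)
    return reasons


def verdict(data):
    reasons = scan_attachment(data)
    return ("block", reasons) if reasons else ("allow", [])


def _make_zip(members):
    # Build an in-memory zip from {name: bytes}; constructed test data.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a Locky-style .js archive, a macro-enabled document,
# a macro-free document, and a script hidden one archive deeper.
MALICIOUS_JS = _make_zip({
    "Invoice_12345.js": b"var a = 'stands in for an obfuscated downloader';",
})
MACRO_DOC = _make_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder OLE stream",
})
BENIGN_DOC = _make_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})
NESTED_JS = _make_zip({
    "docs.zip": _make_zip({"Confirmation.pdf.js": b"// double extension"}),
})

if __name__ == "__main__":
    for label, blob in [("js archive", MALICIOUS_JS), ("macro doc", MACRO_DOC),
                        ("benign doc", BENIGN_DOC), ("nested", NESTED_JS)]:
        print(label, verdict(blob))
```

The scan looks at content rather than the outer file name, so a macro document renamed to .docx or a zip renamed to .dat is still caught; the depth limit keeps a deliberately nested archive from turning the check into a decompression loop.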

The bottom line is that the Dridex gang is a very well organized criminal ring, and this may not be all we will see from it. More threats from the gang are expected, since it clearly has the capability to spread them. It is not yet confirmed, but the gang may turn to Ransomware-as-a-Service (RaaS) schemes, which let affiliates take on the risk of distributing the malware.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

