The gang behind the Dridex banking trojan has now been linked to several other well-known malware families. According to Palo Alto Networks, the group first distributed CryptoWall ransomware, and researchers believe the same criminals are also behind Locky.
Locky is not just another piece of malware. Its third variant, which appends the .odin extension to encrypted files, is reported to infect on a massive scale (more than 90,000 victims per 24 hours), and the ransom demanded is also high, reportedly around 1 Bitcoin.
The gang behind Dridex, believed to operate out of Russia, is most likely the largest such group active today. It has generated enormous profits so far and has the resources to keep developing its ransomware and spreading it at scale.
Researchers at KnowBe4 also reported Dridex spam campaigns sending out millions of malicious e-mails with archive attachments (.zip, .rar). These archives contain .js files that install malware such as Locky when the victim runs them.
Dridex itself is an evolved version of an earlier trojan known as Cridex. It was built mainly to harvest online banking credentials from infected computers and send them to remote servers. It spread so widely because it was hidden in the macros of documents that looked important, such as invoices and confirmation letters.
Dridex infections have declined since Microsoft tightened Office's macro controls, giving administrators a way to block macros in documents that arrive from the internet.
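Both lures described above (archived .js droppers and macro-enabled Office documents) can be caught at the mail gateway by looking inside the attachment rather than trusting its name. The following is an added example written for this page, not code from the article or from any of the researchers it cites. It parses a constructed sample e-mail, opens ZIP attachments to look for script files, and treats OOXML documents as the ZIP containers they are, flagging any `vbaProject.bin` entry. The script-extension list, the sample addresses and the attachment contents are assumptions made for the example; RAR archives are not handled because the standard library cannot read them.

```python
"""
Triage e-mail attachments for the two Dridex/Locky lures described in the
article: archives carrying script files, and Office documents carrying VBA.
Added example, not code from the original page. The message is constructed
inline so the script runs offline.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Script extensions commonly shipped inside archive lures.
# Assumption: list chosen for this example; extend it for your environment.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cmd", ".bat", ".ps1"}
ARCHIVE_EXTS = {".zip"}  # .rar needs a third-party parser; only ZIP is inspected
OOXML_EXTS = {".docm", ".docx", ".xlsm", ".xlsx", ".pptm"}


def _ext(name):
    """Lower-cased extension including the dot, or '' when there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_attachment(filename, data):
    """Return a list of (rule, detail) findings for one attachment."""
    findings = []
    ext = _ext(filename)
    if ext in SCRIPT_EXTS:
        findings.append(("bare-script", filename))
    if ext in ARCHIVE_EXTS or ext in OOXML_EXTS:
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            # A .zip/.docx that is not a ZIP is itself suspicious.
            findings.append(("bad-archive", filename))
            return findings
        names = zf.namelist()
        if ext in ARCHIVE_EXTS:
            for n in names:
                if _ext(n) in SCRIPT_EXTS:
                    findings.append(("script-in-archive", f"{filename}:{n}"))
        else:
            # OOXML documents are ZIP containers; VBA code lives in */vbaProject.bin.
            for n in names:
                if n.lower().endswith("vbaproject.bin"):
                    findings.append(("vba-macro", f"{filename}:{n}"))
    return findings


def triage_message(raw):
    """Parse a raw RFC 5322 message and inspect every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fn = part.get_filename() or ""
        findings.extend(inspect_attachment(fn, part.get_payload(decode=True)))
    return findings


def _zip_bytes(entries):
    """Build an in-memory ZIP from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_message():
    """Constructed lure (assumed data): a ZIP holding a .js file plus a .docm with a macro."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please find the attached invoice.")
    msg.add_attachment(_zip_bytes({"invoice_4471.js": "// placeholder, not a real dropper"}),
                       maintype="application", subtype="zip",
                       filename="invoice_4471.zip")
    msg.add_attachment(_zip_bytes({"[Content_Types].xml": "<Types/>",
                                   "word/document.xml": "<w:document/>",
                                   "word/vbaProject.bin": b"\x00placeholder"}),
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="confirmation.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for rule, detail in triage_message(build_sample_message()):
        print(f"{rule}: {detail}")
```

Running it flags the `.js` inside the ZIP and the `vbaProject.bin` inside the `.docm`, while a plain PDF produces no finding. The check deliberately keys on container contents rather than the outer file name, since a `.docx` renamed from a `.docm` still carries its VBA project.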
The bottom line is that the Dridex gang is a well-organized criminal ring, and this is unlikely to be the last of it. More threats from the group are expected, since it clearly has the capability to distribute them. It is not yet confirmed, but the gang may move to Ransomware-as-a-Service (RaaS) schemes, which would let affiliates take on the risk of distributing its malware.