13 October 2015
UK internet users are being asked to protect themselves against a significant strain of malicious software (malware) which has enabled criminals to steal millions of pounds from UK bank accounts.
Dridex malware, also known as Bugat and Cridex, has been developed by technically skilled cyber criminals in Eastern Europe to harvest online banking details, which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses estimated at £20m.
Some members of the public may also have unwittingly become victims of the Dridex malware and the National Crime Agency is encouraging all internet users to ensure they have up to date operating systems and anti-virus software installed on their machines, to protect themselves from further cyber crime attacks.
Computers become infected with Dridex malware when users receive and open documents in seemingly legitimate emails. The NCA assesses there could be thousands of infected computers in the UK, the majority being Windows users.
Users are urged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and get advice and guidance on how to protect themselves in the future.
The National Crime Agency is conducting activity to ‘sinkhole’ the malware, stopping infected computers – known as a botnet – from communicating with the cyber criminals controlling them. This activity is in conjunction with a US sinkhole, currently being undertaken by the FBI.
The agency’s National Cyber Crime Unit (NCCU) have rendered a large portion of the botnet harmless and are now initiating remediation activity to safeguard victims.
This activity is part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind it, who operate in hard to reach parts of the world.
The FBI and the National Crime Agency, with support from EC3 and JCAT at Europol, the Metropolitan Police Service, GCHQ, CERT-UK, the BKA in Germany, the Moldovan authorities and key private sector security partners, are developing and deploying techniques to safeguard victims and frustrate criminal networks. This has resulted in a significant arrest, with more expected, and worldwide disruption of a sophisticated cyber criminal network.
Members of the public are reminded they should be vigilant and not open documents in emails, or click on links, if they are unexpected or if they are unclear about their origin.
If any internet users think they have lost money through malware such as Dridex, they should report their concerns to Action Fraud and alert their respective banks.
Mike Hulett, Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU) said:
“This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.
Executive Assistant Director Robert Anderson from the FBI said:
“Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents. They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cyber crime.
“We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.
“Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they are. The criminal charges announced today would not have been possible without the cooperation of our partners in international law enforcement and private sector. We continue to strengthen those relationships and find innovative ways to counter cyber criminals.”
Internet users can use the following links to access anti-virus software:
Trend Micro: http://housecall.trendmicro.com/
Note - the above are examples only and do not constitute an exhaustive list. The NCA does not endorse specific products.