October 13th 2014
UK internet users are being warned by the National Crime Agency (NCA) to protect themselves against a significant strain of malicious software (malware) which has enabled criminals to steal millions of pounds from UK bank accounts. Free detection and removal tools can be downloaded by clicking on the links below.
Dridex, as the malware is known (also called Bugat or Cridex), has been developed by sophisticated cybercriminals in Eastern Europe to harvest online banking details, which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses estimated at £20 million.
Some members of the public may also have unwittingly become victims of the Dridex malware. The NCA is encouraging all internet users to ensure that their operating systems and software programs are kept up to date and that antivirus software is installed on their devices, and to download a free tool to detect and remove the malware from any of these suppliers:
Trend Micro: http://housecall.trendmicro.com/
Computers become infected with Dridex malware when users receive and open certain attachments in seemingly legitimate emails. The NCA estimates there could be thousands of infected computers in the UK, the majority running on the Windows operating system.
The NCA is conducting activity to ‘sinkhole’ the malware (stopping the infected computers that form the ‘botnet’ from communicating with the cybercriminals controlling them). This is taking place in conjunction with similar activity being undertaken by the Federal Bureau of Investigation (FBI) in the US.
The NCA’s National Cyber Crime Unit has rendered a large portion of the botnet harmless and is now initiating remediation activity to safeguard victims.
This activity is part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cybercriminals behind it, who operate in hard-to-reach parts of the world.
The NCA and the FBI – with support from EC3 (part of Europol), GCHQ, CERT-UK, the Bundeskriminalamt (BKA) in Germany, the Moldovan authorities and key private sector security partners – are developing and deploying groundbreaking techniques to safeguard victims and frustrate criminal networks. This has resulted in a significant arrest – with more expected – and worldwide disruption of a sophisticated cybercriminal network.
You are reminded that you should be vigilant and not open documents in emails, or click on links, if they are unexpected or if you are unclear about the sender.
If you are an individual or business and think you have lost money through malware such as Dridex, you should report your concerns to Action Fraud via its online reporting tool or by calling 0300 123 2040, and also alert the bank concerned.
Mike Hulett, Head of Operations at the NCA’s National Cyber Crime Unit (NCCU) said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made. Those who commit cybercrime are very often highly skilled and can be operating from different countries and continents. They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cybercrime.”
Mr Hulett continued: “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.