Botnet used to deliver Dridex and Locky vanishes

One of the world's largest botnets that has been used to deliver the Dridex and Locky campaigns appears to have vanished.

A FireEye researcher told Vice's Motherboard that spam campaigns for both malware types have seemingly stopped since June 1 and that they cannot confirm how the botnet was brought down.

In an odd twist, the botnet's removal could mean victims who are willing to pay the ransom may no longer be able to do so, the researchers said.

“Victims of the Locky ransomware in the past have been able to pay to get their data back, but now with the infrastructure being taken offline it is unclear whether the crypto keys have been preserved or if there is anyone to distribute them,” Tripwire security researcher Craig Young said in emailed comments.

On June 1, Russian authorities arrested 50 hackers who allegedly stole the equivalent of more than $25 million (U.S.) from various Russian financial institutions, Reuters reported. That has been offered up, but not confirmed, as one explanation for why the botnet disappeared.

Group-IB, a Russian cybersecurity firm that works with law enforcement, told Motherboard it doesn't think the two instances are connected. 

Young feels there may be another explanation.

“It is entirely possible that its operators have been spooked by law enforcement (or other) actions and have simply wiped all of the systems they used for running the criminal campaign,” he said.
