Dridex is malware known for being behind the theft of millions of euros in no fewer than 10 countries around the world since October 2014. It was developed in Eastern Europe and targets the general public as well as enterprises. The United States of America and the United Kingdom top the list of countries affected by Dridex.
Dridex spreads the way much other malware does: through files attached to phishing e-mail messages. Usually the attachment is an Office file containing malicious VBA macros. Opening the door to this malware is as simple as opening the attached file; the macros make sure the malware is downloaded. Once installed, the malware is able to steal banking data from the affected user. Malware of this kind is often developed with great care not to raise suspicion: even its messages are written in good English, subject line and body included. Usually the text refers to some alleged billing issue, in an attempt to make the user open the file.
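The delivery mechanism described above, an Office attachment carrying VBA macros, can be triaged before anyone opens the file. The following is an added example, not code from the original article: it classifies an attachment by looking for the VBA project part inside an Office Open XML (zip-based) document, and flags legacy OLE binaries (the old .doc/.xls container, which can also hold macros) for deeper inspection. The sample documents are constructed in-memory for the demonstration; the file layout checks (the `vbaProject.bin` part and the `application/vnd.ms-office.vbaProject` content type) are standard OOXML conventions, while the verdict names are this example's own.

```python
import io
import zipfile

# Magic bytes of the legacy OLE compound document container (.doc, .xls, .ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Magic bytes of a zip local file header; OOXML (.docx/.docm/.xlsm, ...) is a zip.
ZIP_MAGIC = b"PK\x03\x04"
# An OOXML document with macros stores the VBA project in a part named vbaProject.bin
# and declares it in [Content_Types].xml with this content type.
MACRO_PART_SUFFIX = "vbaProject.bin"
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_attachment(data: bytes) -> str:
    """Return one of: 'macro', 'no-macro', 'legacy-ole', 'not-office'.

    'legacy-ole' means the old binary container was found; macros may be present
    but parsing that format safely needs a dedicated OLE parser, so it is flagged
    for deeper inspection rather than declared clean.
    """
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Every OOXML package has a content-types manifest at its root.
            if "[Content_Types].xml" not in names:
                return "not-office"
            # Either the VBA part itself or its declaration is enough to flag the file.
            if any(name.endswith(MACRO_PART_SUFFIX) for name in names):
                return "macro"
            if MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "macro"
            return "no-macro"
    except zipfile.BadZipFile:
        return "not-office"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal Word OOXML package, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        content_types = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
        )
        if with_macro:
            content_types += (
                '<Override PartName="/word/vbaProject.bin" '
                'ContentType="application/vnd.ms-office.vbaProject"/>'
            )
        content_types += "</Types>"
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs standing in for e-mail attachments pulled off a mail gateway.
    samples = {
        "invoice.docm": build_sample(with_macro=True),
        "report.docx": build_sample(with_macro=False),
        "old_invoice.doc": OLE_MAGIC + b"\x00" * 32,
        "notes.txt": b"plain text, nothing to see",
    }
    for filename, blob in samples.items():
        print(f"{filename}: {classify_office_attachment(blob)}")
```

In a mail pipeline the 'macro' and 'legacy-ole' verdicts are the ones to quarantine or route to a sandbox; a file whose name suggests a macro-free format (.docx) but whose package carries a VBA part deserves extra suspicion, since the mismatch is a common sign of a renamed attachment.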
However, Dridex goes beyond being a simple piece of malware: it has a whole network of infected PCs and servers, which are used to send back the stolen information. These servers have been seized by the authorities in an effort to dismantle the network. It was a joint effort by the FBI and the NCA (National Crime Agency), the European agency working against cyber-crime, that managed to dismantle Dridex’s network, as announced on October 13, 2015. The presumed administrator of this network, Moldavian citizen Andrey Ghinkul, aka “Smilex”, was arrested earlier in the summer. He might be extradited to the United States to be prosecuted.
If you wish to protect yourself from this kind of problem, you must:
- Refrain from opening attached documents whose sender you don’t know, or that you never asked for.
- Deactivate macro execution in all Office software.
- Keep your OS and antivirus updated.
If you suspect you might be affected by Dridex, or are sure of it, you can use our guide to remove it.