Dridex gang skips fraudulent transactions and goes straight to ransomware

One of the most notorious cybercrime gangs, the Dridex group, has changed its strategy. Where it used to comb through victims' systems to transfer money to its own accounts through fraudulent transactions and only then finish with a ransomware attack, the group is increasingly switching to the immediate use of ransomware. "And very specifically tailored to a specific victim," Fox-IT's principal security expert Michael Sandee says to Forbes.

The gang uses phishing emails to get into the systems of its victims, in many cases banks. "Next they find out how much is in the bank account, hijack the files and ask a ransom for restoring access that matches the amount in the bank account." What is remarkable is that victims were led to a website on the 'dark web' that was customised to each victim. Even the ransomware was tailor-made. "They know exactly which antivirus program the victim uses and make sure that the ransomware is encrypted in such a way that it cannot be detected," Sandee explains. According to Fox-IT, there have been at least 200 successful attacks in which ransoms of between 15,000 and 300,000 British pounds were paid. The actual number of attacks may well have been much higher.

Michael Sandee

Principal Security Expert