Europol Successful Against Ramnit Botnet That Targeted 3.2 Million PCs

Media Division | February 26, 2015

Europol, the premier European investigation agency, has shut down a major cybercrime operation built on the Ramnit botnet. The botnet has been responsible for infecting 3.2 million PCs around the globe, a number of them in India and Indonesia.

In the attack, hackers stole banking information by compromising more than 3 million PCs, with infection occurring via phishing emails and social networks. When Windows users clicked on the malicious links spread by the Ramnit malware, the virus would be installed on their computers. The infected computers would then be accessible to the hackers, who could steal personal and financial information, obtain passwords and even deactivate the antivirus protection on the infected machine.

Europol stated that it conducted the operation with the help of Italian, Dutch, British and German investigators as well as three tech companies, including Microsoft. The companies also helped the investigation unit dismantle the command-and-control infrastructure used by the cyber criminals.

“The criminals have lost control of the infrastructure they were using,” Paul Gillen, head of operations at Europol’s cybercrime center, told Reuters. Europol has also been coordinating cross-border initiatives to bring down cyber criminal infrastructure on the web and catch those responsible.

After the investigations, and armed with a court order, Europol and its allies seized servers in four countries and completely destroyed the botnet network. India was the leading country for infected zombie computers, accounting for 27 percent of infections, followed by Indonesia with 18 percent. Other countries, including Vietnam, the US, Bangladesh, and the Philippines, were also on the list.

Wil van Gemert, Europol’s deputy director operations, stated that the operation showcased the significance of international law enforcement collaborating with private industry in the global fight against cyber crime. The agency will continue its efforts to bring down botnets and disrupt the infrastructure used by cyber criminals to conduct a variety of attacks. The aim is to protect people and businesses around the world against such threats.

Ramnit was malware with a modular design, which made it different from, and more dangerous than, many other malware types. Once a machine was infected, hackers could upgrade the malware to add more features and to defeat attempts to remove it. The use of different modules also meant that different elements of the malware could be updated by its coders and optimized for the malicious task at hand.

However, firms around the globe should take precautions for the future rather than relying on someone else to intervene and address botnets, as most of the damage is already done in such instances. Massive’s Botnet Feeds can provide signature-related data for blocking botnet attacks.

Massive provides raw data on the data feed of the botnet itself. Terabytes of information, streaming actively from compromised locations, can be cross-indexed to determine whether the digital infrastructure was actively siphoned for information. With countless malware families covered, including the most notorious ones, an organization could learn of a breach by seeing the data through the eyes of a threat actor.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.