The emergence of a Bitcoin-hunting variation targeting POS and financial services would suggest that Dridex means business once again.
Dridex may have been displaced as the ‘King of Malware’ by Locky, but it hasn’t been sitting back and rotting. Far from it, as the emergence of a Bitcoin-hunting variation that targets POS and financial services would suggest. Six months ago, we were warning that the Nemucod downloader had accelerated Locky ransomware distribution. The spam campaigns pushing this were, it seemed, originating from the same botnet that had been responsible for the Dridex malware before it. All that had actually happened was that the actors involved had, as far as we could determine at least, simply changed the delivery mechanism and the payload. As is often the case in the world of malware, it’s now all change again and we are back to where it started with Dridex.
Well, sort of. Locky would almost certainly win the ‘King of Malware’ award if such a thing existed and was given on the basis of market domination. However, reports would seem to suggest that Dridex is once more up and running. This time, according to Proofpoint researchers, Dridex is going for a more targeted approach.