Evolving Dridex Malware Puts More Systems At Risk

Chris in Bitcoin & Cryptocurrency, published on 15 April 2016

The Internet can be a dangerous place. Nowadays, malware is a great threat to anyone who uses the Internet. These malicious pieces of software can do a wide range of damage to a computer user’s property. The damage ranges from inconveniences, such as slower processes or a few deleted files, to something devastating, such as stolen bank account access and confidential information.

One of the more recent examples that has gotten some press coverage is Dridex. This particular piece of malware first came into public consciousness in 2015 when the original malware network behind it was broken up. Many thought that the malware was done for, but it seems that Dridex has returned under “new management.” This time, it has evolved into a distribution platform for Bitcoin ransomware and can potentially wreak havoc on a person’s digital assets.

Dridex malware’s transformation

First sighted by security experts in November 2014, Dridex spreads through infected Microsoft Word documents. The documents arrive in spam e-mails that are meant to pass as legitimate messages, so that the recipient opens the attached Word document. The Word document contains a macro that downloads the main part of the Dridex program, which then runs, installs itself, and establishes a presence on the computer.

Dridex is sophisticated enough that normal detection software would not be able to detect it, which allows its operators to use it to monitor a computer’s activities. It also allows the people running the program to operate a computer remotely by adding it to a “botnet.” With this level of access, the hackers behind the malware can manipulate the activities on the computer, including downloading and installing programs on it. In the past, Dridex was focused on stealing only the banking information of its targets, but this has changed.

Cybersecurity firm Buguroo Labs has now reported that the Dridex malware is aimed at spreading Bitcoin ransomware to computers. Locky is the name of the ransomware that Dridex spreads. It encrypts all of the files on an infected device using high-level cryptography. Once encrypted, these files will be impossible to access. The malware then offers to sell the owner of the files a decoder for a price of 0.5 BTC to 1 BTC. Considering that the current exchange rate of 1 BTC is pegged at $420, this can be a lot of money.

Protection against malware and ransomware

For Bitcoin gamblers, the threat of the malware and ransomware is a serious one, considering that the Dridex malware has already victimized over 900 users from more than 100 countries. Given that most Bitcoin gamblers store their digital assets on their personal computer, this can be a big hit to their funds. The Locky ransomware is especially threatening because it can scramble the wallet.dat file, which is the Bitcoin wallet file found on the devices of many Bitcoin users. If this gets locked, online gamblers with large bankrolls inside their wallets will be forced to pay up.

Worried Bitcoin users should follow a few tips to ensure their safety. First, ensure that backups of important files are stored in a different place. This is an excellent way to protect files against more than malware, as files can also be destroyed, corrupted, or lost. Second, be careful about opening attachments. If a file seems suspicious, users should avoid opening it. Macros should also always be disabled, even when opening a trustworthy file. Finally, security updates are constantly being released. Bitcoin gamblers should have the latest updates, especially since they often have sensitive financial information on their computers.
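To go with the attachment and macro advice above, here is an added example (not part of the original article) that checks whether a Word attachment carries a macro before anyone opens it. The function names classify_attachment and make_sample are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container

def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes: macro, legacy-ole, no-macro, not-office."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary documents may embed VBA; confirming that needs a full
        # OLE parser, so route them to manual review instead of guessing.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = {name.lower(): name for name in zf.namelist()}
        if "[content_types].xml" not in parts:
            return "not-office"  # a plain ZIP, not an OOXML document
        # OOXML keeps the VBA project in a part named vbaProject.bin.
        if any(p.endswith("vbaproject.bin") for p in parts):
            return "macro"
        # Second signal: a macro-enabled or VBA content type is declared
        # even though no part carries the usual name.
        types = zf.read(parts["[content_types].xml"]).lower()
        if b"macroenabled" in types or b"vbaproject" in types:
            return "macro"
    return "no-macro"

def make_sample(content_types: str, with_vba_part: bool) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba_part:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed samples, not real documents
        "invoice.docm": make_sample("<Types/>", True),
        "notes.docx": make_sample("<Types/>", False),
        "old.doc": OLE2_MAGIC + b"\x00" * 64,
        "readme.txt": b"plain text, not an archive at all",
    }
    for name, data in samples.items():
        print(f"{name}: {classify_attachment(data)}")
```

A "macro" or "legacy-ole" result means the file should not be opened with macros enabled; a "no-macro" result only says that no VBA project was found, not that the file is safe.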

Vigilance and awareness are needed to ensure that computers are safe from all kinds of malware. Bitcoin gamblers should keep this in mind, especially in order to protect the payouts and bankroll allotted for betting on Bitcoin casino games. This should also prepare them in case of another Bitcoin security breach in the future.