Gang arrests in Russia may have put significant dent in malware, says researcher

We love to read news reports in which a police force takes down a major crime gang. In one swoop the community is cleansed. Can it happen in the digital world?

Cisco Systems security researcher Nick Biasini raises the question after use of several high regularly-used pieces of malware plunged last month following the arrests of several people in linked to the spread of  a Russian-specific piece of malware named Lurk,  a banking trojan specifically targeting banks in that country that drained some US$45 million from accounts.

Lurk, he writes, was largely distributed through the Angler exploit kit, which is often used to spread ransomware. But within a week of the arrests Angler — which he calls “the most prolific, successful and sophisticated compromise platform” — has disappeared from threat activity reports. In addition, around the same time as Lurk disappeared so apparently did the Necurs botnet, which Biasini says is thought to be the largest botnet in the world. With Necurs down the spread of Dridex and Locky ransomware dropped as well.

So perhaps a major player has been taken out.

That’s the good news. The bad news is malware activity with the Rig and Neutrino exploit kits is increasing, suggesting surviving threat actors have shifted to other platforms. Worse, though, is the Necurs botnet is back after three weeks.

“There is no way to say for certain that all of these threats are connected,” Biasini admits, “but there is one single registrant account that owned domains attached to all of them. If this one group (in Russia) was running all of these activities this will likely go down as one of the most significant arrests in the history of cybercrime with a criminal organization that was easily earning hundreds of millions of dollars.”

But, as in the physical world, there are many organized crime groups around the planet, and they aren’t connected to each other. They are resilient, agile and well-funded. In the past cyber criminals have been arrested and sometimes jailed, but malware continues to evolve and spread.

“One thing this does show is that despite all the variety and different actors making use of these technologies there potentially was a much smaller group responsible for a far larger chunk of the crimeware space than previously estimated,” says Biasini. “Regardless, the threat landscape associated with crimeware has drastically changed over the last several weeks, and it will be interesting to watch it respond and evolve in the coming months.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now