Ramnit Botnet Crime Ring Taken Down By Europol


Euro cops shut down botnet that infected 3.2 million computers in order to steal banking information

A major European police operation has taken down a botnet that had been stealing banking data.

The operation was co-ordinated by the European Cybercrime Centre at Europol, the European police agency, and also involved a number of technology companies including Microsoft, Symantec and AnubisNetworks.

Ramnit Takedown

Europol HQ, The Hague

Europol reportedly worked with investigators from the UK, Germany, Italy and the Netherlands to take down the long-running botnet. Indeed, the Ramnit botnet has been going since 2010, and it has been mostly focused on banking fraud as well as stealing cookies and credentials from its victims.

Most of the infected computers that made up the Ramnit botnet were apparently located in the United Kingdom, the Guardian quoted Paul Gillen, head of operations at the cybercrime centre, as saying.

“We worked together to shut down the command-and-control servers for the network in various countries across the European Union. The criminals have lost control of the infrastructure they were using,” Gillen reportedly said.

But Symantec on its blog said that most of the infected PCs were located in India, Indonesia, Vietnam, Bangladesh, the US, and the Philippines.

Microsoft said on its blog that it had been monitoring Ramnit since April 2010, and that during the last six months it had detected approximately 500,000 instances of computers infected with Ramnit.

Banking Botnet

The botnet was used by the criminals running it to gain remote access and control of the infected Microsoft Windows computers, enabling them to steal personal and banking information, namely passwords, and disable antivirus protection.

“This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime,” said Europol deputy director operations, Wil van Gemert, in a statement.

“We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes,” he added. “Together with the EU Member States and partners around the globe, our aim is to protect people around the world against these criminal activities.”

Europol said that Microsoft and Symantec have released their respective remedies to clean and restore infected computers’ defences.

Microsoft has been an active player in taking down botnets. It successfully disrupted the Sirefef botnet, also known as ZeroAccess, in late 2013, and has also led efforts to take down the Waledac, Citadel, Kelihos, Nitol and Bamital botnets.

It has also led efforts to take on the masterminds behind the Zeus botnet. Earlier this week, the FBI offered the world’s largest ever reward for the arrest of Evgeniy Bogachev, the mastermind behind the highly damaging bank-robbing Gameover Zeus botnet.
