Feds Offer $5 Mil For Evil Corp. Leader

December 5, 2019 CyberCecurity Leave a comment

Not sure if this is inspired by the Mr. Robot Series (Evil Corp) or not, but this guy is in big trouble now.

He is being charged with conspiracy, conspiracy to commit fraud, wire fraud, bank fraud and intentional damage to a computer.

The feds say that he stole tens of millions using the banking trojans Dridex and Zeus. He drives a custom Lamborghini, they say.

In addition to putting out the arrest warrant, Treasury is sanctioning his company.

While I don’t think that President Trump’s bestie, Vladimir Putin, is going to turn the guy over to us, as a high roller, the treasury sanctions mean that he cannot access the U.S. financial system – banks, credit cards, wire transfers, etc. will all be frozen if he tries. He also cannot travel to all of those beautiful, warm, scenic vacation spots he is used to. I hear Kiev is nice this time of year, however. If he goes through customs in any country we have an extradition treaty with, he will be immediately arrested. That recently happened when a Russian hacker visited Israel. He is now in federal custody awaiting trial in the United States after spending 4 years in a nice Israeli prison.

$5 million is the largest reward the feds have ever offered for something like this.

Of course, in the decade that he has been active, he stole tens of millions of dollars from his victims by using those trojans to empty their bank accounts. By 2015 Dridex was among the active banking trojans in the wild.

The trojan would transfer money to the account of a “money mule” and the mules would then forward the money on to the bad guys, keeping a slice for themselves.

The trojan targeted banks, companies, cities; even non-profits, as well as individuals.

Separately, the FBI issued an alert about this trojan. It is pretty active, stealing people’s money. Still. It can interfere with your web browsing (redirecting you to attacker controlled web sites), among other nasty actions. This version can even lead to a ransomware attack, encrypting files on your computer. Sometimes the attack is combined with Powershell Empire, which allows it to do reconnaissance and move laterally to other machines on your network. This combination would allow it to encrypt all computers on your network.

If you do not have access to the FBI alert, contact me; I cannot post it publicly but I can provide a copy to appropriate people.

While the FBI is not saying, given the size of the reward offered and also the alert, there must be a lot of (stolen) money involved.

Information for this post came from Threat Post and the FBI.