National Cyber Security Centre
UK and US investigations into harmful international cyber campaigns
NCSC re-issues advice on how to reduce your risk of becoming a victim of malware attacks
Today, the US Department of Justice (DoJ) has formally charged the leader of an organised cyber criminal group for their involvement in a malicious campaign affecting government, infrastructure, business and the public globally.
UK and US investigations by the National Crime Agency (NCA), the FBI and the National Cyber Security Centre (NCSC) have revealed the creation and deployment of Dridex malware has caused financial losses of hundreds of millions in the UK alone.
Paul Chichester, NCSC Director Operations, said:
"Today's announcement is the result of a multi-year investigation with our law enforcement and international partners.
"Dridex has been targeting UK victims since at least 2014, compromising and stealing from large organisations, SMEs and the general public.
"Malware is a continuing cyber threat but we can all reduce our risk of becoming victims to cyber criminals by ensuring our devices are patched, anti-virus is turned on and up to date and files are backed up."
- Read the NCA's statement
- Read the US Department of Justice's statement
- Read the US Treasury's statement
What is Dridex?
Dridex is a strain of malware known as a financial trojan that has been affecting the UK since late 2014. Its victims cover government, Critical National Infrastructure, business and the public.
How does Dridex work?
Dridex infects devices through a variety of means. Frequently this is done via malicious attachments in phishing emails, or it is dropped by another piece of existing malware, for example, Emotet.
Once active on a compromised computer, Dridex has a wide range of capabilities. Most commonly, it steals a user's passwords, personal information and banking details for use in fraudulent transactions. It can do this even when web browsing would be considered otherwise secure (e.g. over HTTPS).
Dridex also has the capability to monitor other activity on a computer, allowing malicious actors to take screenshots and upload and download files and tools. Those responsible can use additional tools to help them move through a victim's network.
This is of particular use when attacking businesses. Actors may choose to move onto business-critical systems, such as payroll, and deploy tools like ransomware.
Cyber criminals manage Dridex through a large system of compromised computers worldwide known as a botnet. Through this system they are able to pull back the stolen data and issue their commands, conducting crimes at a vast scale.
How to protect yourself from malware
The NCSC has previously published guidance on how organisations and home users can reduce their risk of malware infection.
What do I do if I think I've been a victim of cyber crime?
If you think you have been subject to online fraud or cyber crime, contact Action Fraud at https://www.actionfraud.police.uk
The NCSC runs a commercial scheme call Cyber Incident Response, where certified companies provide crisis support to affected organisations. More information on how and when to report an incident to the NCSC.
Advice on how to effectively detect, respond to and resolve cyber incidents is also available in the NCSC's incident management guidance.
Latest News from
National Cyber Security Centre
We've got you covered: experts produce first-ever technical advice on cyber insurance06/08/2020 14:15:00
New guidance highlights the 7 cyber security questions organisations should be asking if they are considering purchasing cyber insurance.
Diversity and inclusion in cyber security workforce revealed for the first time29/07/2020 11:15:00
NCSC vows to drive cross-sector improvement as joint report with KPMG reveals more to be done to improve experiences and opportunities.
NCSC announces Lindy Cameron as new CEO28/07/2020 16:15:00
Lindy Cameron has been announced as the new CEO of the National Cyber Security Centre.
Cyber innovators set on fast track to success28/07/2020 14:15:00
The NCSC welcomes 6 new start-up companies onto the Cyber Accelerator programme.
Alert: Potential legacy risk from malware targeting QNAP NAS devices27/07/2020 16:38:00
A joint NCSC and CISA alert detailing the legacy risk of the malware Qsnatch to QNAP NAS devices.
Defences tested as cyber attackers take aim at UK sports sector23/07/2020 14:15:00
New report on the cyber threat to sports organisations reveals a range of attacks by hackers.
UK and allies expose Russian attacks on coronavirus vaccine development17/07/2020 16:15:00
Joint advisory details APT29’s ongoing campaign to target organisations involved in COVID-19 vaccine development.
NCSC statement: cyber attack on Twitter17/07/2020 11:15:00
An NCSC statement on the reported attack on Twitter.