French Authorities Disable Botnet that Infected 850,000 Servers
French authorities recently disabled a botnet server which infected 850,000 other servers across 140 countries with a cryptojacking virus.
French cybersecurity authorities revealed yesterday that they shut down a botnet comprising 850,000 servers, which operated mostly in Latin America. The main server of the operation was located in France and was infecting computers with Monero crypto-jacking software.
Crypto-jacking works by secretly installing crypto mining software onto computers. The hackers make use of the computer’s resources and the mined crypto is sent to their wallets.
Private cybersecurity firm Avast noticed the malicious software back in spring. The virus was transmitted via emails that promised money or erotic images, or in certain cases, it was spread by infected USB drives.
The exact amount of stolen funds is not yet known, but officials estimate it to be in the range of millions of euros. The hackers have still not been caught.
The main pirate server was discovered by French authorities in Île-de-France. The server had been up and running since 2016, and made use of the Retadup virus to cryptojack computers as well as to steal personal data from Israeli hospitals and carry out other illicit operations.
In the past six months, the server was shut down and the virus was moved to unused parts of the web.
“Basically, we managed to detect where was the command server, the control tower of the network of infected computers, the ‘botnet’. It was copied, replicated with a server of ours, and made to do things that allow the virus to be idle on the victims’ computers,” Jean-Dominique Nollet, head of the Center for Combating Digital Crime (C3N), told France Inter Radio.
In spite of the victory, Nollet warned that rebooting the operation would be an easy thing to do. “Unfortunately we know they can recreate this kind of hacker server at any time,” said Nollet.