Criminal charges have been filed against the botnet administrator of “Bugat,” also known as “Cridex” or “Dridex,” a “sophisticated malware package designed to steal banking and other credentials from infected computers.” The “FBI estimates at least $10 million in direct loss.” The US Attorney General’s office announced on October 13, 2015 that “Bugat is specifically designed to defeat antivirus and other protective measures employed by victims” and that:
Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment unsealed today in the Western District of Pennsylvania with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.
Here are a few examples from the indictment:
…on Dec. 16, 2011, Ghinkul and others allegedly attempted to cause the electronic transfer of $999,000 from the Sharon, Pennsylvania, City School District’s account at First National Bank to an account in Kiev, Ukraine, using account information obtained through a phishing email.
…Ghinkul and others allegedly caused the international transfer on Aug. 31, 2012, of $2,158,600 from a Penneco Oil account at First Commonwealth Bank to an account in Krasnodar, Russia, and the international transfer on Sept. 4, 2012, of $1,350,000 from a Penneco Oil account at First Commonwealth Bank to an account in Minsk, Belarus.
This indictment reinforces the need to train employees to recognize phishing emails.