3 million strong RAMNIT botnet taken down

The National Crime Agency’s National Cyber Crime Unit (NCCU) worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol’s European Cybercrime Centre (EC3), to shut down command and control servers used by the RAMNIT botnet.

RAMNIT spread malware via seemingly trustworthy links sent out in phishing emails or posted on social networking websites. If users running Windows clicked on the links, the malware would be installed, infecting the computer. Infected computers would then be under the control of criminals, enabling them to access personal or banking information, steal passwords and disable antivirus protection.

Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts. Analysis is now taking place on the servers and an investigation is ongoing.

Raj Samani, Vice President and CTO, EMEA, Intel Security, commented for Help Net Security: “RAMNIT has been a mainstay as one of the most prevalent botnets in McAfee Threat reports for some time. Subsequently the demonstration of increased law enforcement collaboration is something that should be applauded, and bodes well for the future in the fight against cybercrime.”

“Individuals should however always ensure they maintain up to date security software as protection against RAMNIT has existed for some time now, but also remain vigilant against future threats. As the recent Threat report demonstrates, there is no shortage of botnets in active operation attempting to steal digital data from all of us,” Samani concluded.

Europol was alerted to RAMNIT by Microsoft, after data analysis showed a big increase in infections.

Steve Pye from the NCA’s National Cyber Crime Unit said: “Through this operation, we are disrupting a cyber crime threat which has left thousands of ordinary computer users in the UK at risk of having their privacy and personal information compromised.”

“This malware effectively gives criminals a back door so they can take control of your computer, access your images, passwords or personal data and even use it to circulate further spam messages or launch illegal attacks on other websites. As a result of this action, the UK is safer from RAMNIT, but it is important that individuals take action now to disinfect their machines, and protect their personal information,” Pye added.
