French police destroy global malware botnet

French police revealed that they had stopped a malicious campaign that had infected almost a million machines.

The force teamed up with security firm Avast to take on the Retadup worm, which had been distributing a malicious cryptocurrency miner that heavily degraded the performance of victim machines.

According to the Center for Combating Cybercrime (C3N) of the French National Gendarmerie, 850,000 unique infections have been registered, mainly affecting Windows devices in Latin America.

The takedown

Avast began monitoring Retadup in March 2019 and, after finding that most of its command-and-control infrastructure was located in France, shared its findings with C3N so that a takedown could be organised.

The agency took control of the botnet's command and control (C&C) server and replaced it with a disinfection server. Instead of issuing the operators' commands, this server answers each incoming bot request with a specially crafted response that causes the malware on the connecting machine to remove itself. The approach works because the bots trust whatever the C&C server tells them and never verify who is really answering.
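The following is an added example, not code from the article, Avast or C3N, and it does not reproduce Retadup's real protocol. It shows the sinkhole pattern described above in simulation: a stand-in "C&C" server that logs every bot check-in and answers it with a self-removal command, plus a simulated bot that trusts the answer and deletes its own persistence marker. The query-string check-in, the JSON reply, the command name `self_destruct` and the temporary marker file are all invented for illustration.

```python
"""Sinkhole simulation (added example, hypothetical wire format).

A seized C&C address is pointed at this server. Bots keep checking in as
before, but every answer now tells them to remove themselves.
"""
import json
import os
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
from urllib.request import urlopen


class SinkholeHandler(BaseHTTPRequestHandler):
    """Stands in for the seized C&C. Each check-in is recorded per bot id and
    answered with a self-removal command. GET /checkin?id=<bot id> and the
    JSON reply are an invented format, not Retadup's."""

    victims = {}              # bot id -> number of check-ins seen
    lock = threading.Lock()   # HTTPServer is single-threaded, but be explicit

    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        bot_id = query.get("id", ["unknown"])[0]
        with self.lock:
            self.victims[bot_id] = self.victims.get(bot_id, 0) + 1
        reply = json.dumps({"cmd": "self_destruct"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_sinkhole():
    """Bind the sinkhole on an ephemeral loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), SinkholeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def new_marker_path():
    """A temp file path standing in for the bot's persistence (hypothetical)."""
    return os.path.join(tempfile.mkdtemp(), "bot_persistence.marker")


def persistence_present(path):
    return os.path.exists(path)


def bot_checkin(port, bot_id, persistence_path):
    """Simulated bot: (re)creates its persistence marker, polls the 'C&C' and
    obeys the reply. It never authenticates the server, so the sinkhole's
    answer is accepted just like a real operator command would be."""
    if not os.path.exists(persistence_path):
        with open(persistence_path, "w") as f:
            f.write("autorun entry (simulated)\n")
    url = f"http://127.0.0.1:{port}/checkin?id={bot_id}"
    with urlopen(url, timeout=5) as resp:
        command = json.load(resp).get("cmd")
    if command == "self_destruct":
        os.remove(persistence_path)   # the bot uninstalls itself
        return "removed"
    return "still_infected"


if __name__ == "__main__":
    server, port = start_sinkhole()
    marker = new_marker_path()
    print(bot_checkin(port, "victim-0001", marker))   # removed
    print(SinkholeHandler.victims)                    # {'victim-0001': 1}
    server.shutdown()
```

The per-bot counter is the part an investigator actually wants from a sinkhole: it is how a figure such as "850,000 unique infections" is derived. The disinfection only works because of the unauthenticated trust relationship; a botnet whose bots verified a signature on every command could not be cleaned up this way.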

C3N and Avast also reported that some of the Retadup servers were located in the United States, and they enlisted the FBI's help to take those down as well.

Avast discovered that Retadup had also delivered the Stop ransomware and the Arkei password stealer to victims' computers. Avast pointed out that the malware authors themselves had been infected with the Neshta file infector, suggesting that they too should have been running antivirus protection.

Additionally, 85% of the botnet's victims had no third-party antivirus protection, and most were running Windows 7, underlining the importance of keeping systems up to date.