The Retadup worm was spreading fast and had infected a huge number of Windows devices. Fortunately, the latest report says the French police's cybercrime unit has managed to hijack the botnet and disinfect more than 850,000 machines that had been recorded as infected.
In March 2019 the security firm Avast began tracking Retadup and realised that most of the botnet's activity was taking place outside France's borders.
The worm was being used to push a cryptocurrency miner onto victims' machines, silently hijacking their processing power to mine for the operators. Avast shared its findings with the French National Gendarmerie's Cybercrime Fighting Center (C3N), which began the counterattack.
According to C3N, the vast majority of infections were Windows machines in Latin America. Working from the gathered information, the agency took over the malware's command-and-control (C&C) server and replaced it with a disinfection server. Instead of issuing new commands, the replacement server answered every bot that checked in with a response that made the Retadup infection remove itself from the machine.
The team also found that some of the Retadup servers were located in the US and sought help from the FBI, which took those servers down and further crippled the botnet.
Avast further noted that Retadup was also used to deliver the Arkei password stealer and the Stop ransomware to victims' devices.
Amusingly, the malware's operators were not safe from malware themselves. It turns out they had been infected by the Neshta file infector, talk about shooting yourself in the foot!
Other findings that should keep us on our toes: most of the victims had no antivirus installed and were still running Windows 7. The lesson is simple. If you have no antivirus, it is high time you installed one, and for crying out loud, get off Windows 7 as soon as possible.