AnubisNetworks has participated in another major botnet takedown operation led by Europol’s European Cybercrime Centre (EC3). The operation involved investigators from around the world and sought to dismantle the Ramnit botnet that infected 3.2 million computers internationally.
Criminals used the Ramnit botnet to gain remote access and control of infected computers, enabling them to steal personal and banking information, namely passwords, while also disabling antivirus protection on affected devices. The malware infected users running Windows operating systems and explored different infection vectors such as links contained in spam emails, which directed victims to infected websites.
Europol officials worked directly with AnubisNetworks, Microsoft, and Symantec to shut down command and control servers used by the Ramnit botnet. The AnubisNetworks Cyberfeed provided EC3 and government officials with a holistic approach to threat intelligence by focusing on mapping malware campaign, method, and propagation vectors. This operation leveraged the Cyberfeed to:
- Provide visibility on Ramnit botnet dimension and geographic dispersion.
- Malware analysis to identify communication protocols and C2 infrastructure mapping.
- Tracking the C2 infrastructure.
- Collection, aggregation and analysis of Ramnit botnet data.
“This successful operation shows the importance of international law enforcement working together with private industry in the fight against the global threat of cybercrime,” said Wil van Gemert, Deputy Director Operations for Europol. "We will continue our efforts in taking down botnets and disrupting the core infrastructures used by criminals to conduct a variety of cybercrimes. Together with the EU Member States and partners around the globe, our aim is to protect people around the world against cybercriminal activity."
“The takedown of the Ramnit malicious botnet illustrates a great victory for public and private sector collaboration against cybercrime,” said Francisco Fonseca, CEO and co-founder of AnubisNetworks. “We’re pleased to see Cyberfeed used as an integral, data-driven resource in this operation, and we’re proud to participate in this meaningful work. By providing real-time data on cyberattacks, AnubisNetworks can continue to partner with EC3 to mitigate future risks as they arise.”
Read AnubisNetworks' Official Press Release here
Author: Rui Serra
With degrees in Computer Engineering and Marketing, Rui started his career managing training documentation for IT Training and consulting firms. He then joined Nokia Siemens Networks as a Documentation Specialist and Project Scrum Master before joining AnubisNetworks in 2009, where he has advanced from managing documentation to Product Manager for the growing Product Portfolio.