The Dridex botnet that has been distributing banking trojans for years, has now changed its profile entirely and is spreading ransomware instead.

Palo Alto researchers have noticed that the Dridex banking trojan has stopped delivering its infamous and highly dangerous banking trojan possibly because of the arrest of Andrey Ghinkul, 30, from Moldova.

But the scammers are still in business having switched over to the new type of ransomware variant, which was later named Locky.

The hackers started pushing massive amounts of spam right away, as Locky quickly made victims around the world, becoming as dangerous as TeslaCrypt or CryptoWall.

Benefiting from a massive infrastructure already put in place during their previous operations, Dridex's Locky has become a major player on the ransomware scene just a few days after it launched and common sense dictates that it will remain so until more group members are arrested and the botnet is sinkholed.



Source: SoftPedia