The Andromeda Botnet Taken Down, Alleged Mastermind Arrested

‘Andromeda’, a huge malware system, a botnet made up of millions of computers, has finally been taken offline, as per reports. It’s also reported that the cyber criminal who has been behind the Andromeda network, has been arrested as a result of a joint operation involving Belarus, Germany and the United States.

Reuters reports from Amsterdam/London, dated December 5, 2017- “One of Eastern Europe’s most prolific cyber criminals has been arrested in a joint operation involving Belarus, Germany and the United States that aimed to dismantle a vast computer network used to carry out financial scams, officials said on Tuesday.”

The report further says- “National police in Belarus, working with the U.S. Federal Bureau of Investigation, said they had arrested a citizen of Belarus on suspicion of selling malicious software who they described as administrator of the Andromeda network.”

Andromeda, also reportedly known as “Gamarue”, is a collection of botnets- a group of computers that are already infected and in the control of the hackers who have infected them. The owners of the system won’t even know this and the cyber criminals who control these systems, as a network, would use them to spread more malware via phishing attacks and other online scams.

The Swedish-American cyber security firm Recorded Future seems to be confident regarding the identity of the cyber criminal behind the Andromeda botnet. A post authored by Andrei Barysevich and Alexandr Solad on the Recorded Future blog says- “We believe that the arrested person is the actor known as “Ar3s,” one of the oldest and more highly respected members of the criminal underground. Ar3s is the mastermind behind the Andromeda Trojan and a longstanding administrator of the Damage Lab hacking forum. With a high degree of confidence, we assess that the arrested person is likely Jarets Sergey Grigorevich, although the name was not revealed by the Belarusian authorities.”

Authorities in Belarus have reportedly declined to name the suspected hacker while Europol (the European Union’s law enforcement agency) and the FBI have declined to comment. The Reuters report quotes Europol spokesman Jan Op Gen Oorths- “Andromeda was one of the oldest malwares on the market”. The Reuters report also says that it’s estimated that the Andromeda botnet “… infected more than 1 million computers worldwide every month, on average, dating back to at least 2011.”

The Independent reports- “Authorities in Belarus said they had arrested a man on suspicion of selling malicious software and also providing technical support services. It did not identify the suspect…Officers had seized equipment from his offices in Gomel, the second city in Belarus, and he was cooperating with the investigation, the country’s Investigative Committee said…Op Gen Oorth said the individual is suspected of being “a ringleader” of a criminal network surrounding Andromeda.”

Reports say that the German authorities have joined hands with Microsoft and have taken control of the botnet in order to reroute the information sent from the infected computers to safe police servers. (This process is also referred to as ‘Sinkholing’).

The Independent also makes a very notable inference- “The takedown of the Andromeda system is notable not only because it took over so many computers but also because it was used to spread further danger, with the computers’ assembled power being harnassed to spread viruses across the internet.”

As per reports, Europol, the FBI and Belarus’s Investigative Committee have gradually information about the operation. Reports also say that no further arrests have been made in connection with the Andromeda botnet.