ESET identified the authors behind the BitPaymer ransomware

ESET Latin America, a leading company in proactive threat detection, revealed that the authors of the Dridex banking Trojan are also behind another family of high-profile malware: a sophisticated ransomware called FriedEx, also known as BitPaymer.

The Dridex banking Trojan first appeared in 2014 as a bot (a program that performs automated tasks over the Internet) and quickly developed into one of the most sophisticated banking Trojans in circulation. Development appears to be steady, with new versions of the bot released every week that include minor fixes and updates. The last major update, from version 3 to version 4, was released at the beginning of 2017 and gained attention by adopting new propagation techniques aimed at evading security solutions. Later that same year it introduced a new zero-day exploit for Microsoft’s office suite, which helped spread the Trojan to millions of victims.

Last year ESET released a tool that identifies malicious processes which may be associated with threats and linked to web search engines. The tool is designed to help those affected by an incident discover potential banking Trojan infections, including Dridex.

The ransomware, initially called BitPaymer, was discovered in early July 2017 by Michael Gillespie. In August it was back in the spotlight and made headlines after infecting National Health Service (NHS) hospitals in Scotland. FriedEx focuses on attacking high-profile targets and companies rather than end users. The ransomware encrypts each file with a password, which is in turn encrypted and stored in the corresponding .readme_txt file.