This article was published on August 29, 2019

French cyber-cops shut down Monero-mining botnet that infected 850,000 computers across 100 countries

Vive la France!

Authorities in France say they have shut down a cryptocurrency mining botnet that had infected more than 850,000 computers across 100 countries.

France’s “cybergendarmes,” or more formally the C3N digital crime-fighting center, were alerted that a server based in Paris may have been distributing a virus called Retadup, BBC reports. It’s thought the virus managed to infect hundreds of thousands of Windows-based computers across the globe. Central and South America reportedly took the brunt of the infection.

After a system was infected, hackers were able to take control and install cryptocurrency mining programs. The report says the hackers were using the virus to “create the cryptocurrency Monero.” Presumably, the bad actors installed XMRig or a similar program to surreptitiously mine the coins on their behalf without the system’s owner knowing.

The cyberbaddies also reportedly used ransomware to extort money from victims. In most cases, hackers will use ransomware to demand other cryptocurrencies like Bitcoin. Authorities have not disclosed how much money hackers have been able to harvest by spreading the virus, but French authorities believe the individual(s) managed to earn millions of euros.

The chief of C3N, Jean-Dominique Nollet, told France Inter Radio how authorities were able to shut down the botnet and put a halt to its nefarious activity.

“Basically, we managed to detect where was the command server, the control tower of the network of infected computers, the ‘botnet,’” said Jean-Dominique Nollet to France Inter Radio. “It was copied, replicated with a server of ours, and made to do things that allow the virus to be idle on the victims’ computers,” CoinDesk reports.

Mr Nollet has also said the C3N would continue to run the mirrored server so any infected computers that haven’t been online recently could still be disinfected.

Even though authorities have managed to dismantle the botnet, those behind its creation are on the run and yet to be caught.

Despite the value of many cryptocurrencies being way down from their all-time highs, hackers are still keen on surreptitious cryptocurrency mining. According to research from SonicWall, criminals made a staggering 52.7 million crypto-jacking hits during the first six months of this year.
