$5 million bounty placed on Russian hackers responsible for Dridex banking malware

The FBI and US Department of State have placed a record-breaking bounty on Maksim Yakubets and Igor Turashev

The UK's National Crime Agency, together with the USA's Department of Justice and Department of State, has named two Russian hackers it believes developed and distributed the Dridex banking trojan - and the American Departments have slapped a record bounty on their heads.

Maksim Yakubets and Igor Turashev stole more than $100 million using the malware, which is also known as Bugat and Cridex, over a 10-year period, including more than £20 million from UK bank accounts. They distributed it through massive email campaigns, targeting companies around the world.

The $5 million bounty is for information that leads to the arrest or conviction of Yakubets. It is, to-date, the largest reward the State Department - in partnership with the FBI - has ever offered.

A federal grand jury in Pittsburgh returned a 10-count indictment, unsealed today, against Yakubets and Turashev for their role in the Dridex campaign. It charges them with conspiracy, computer hacking, wire fraud and bank fraud. Another complaint, unsealed the same day in Lincoln, charged Yakubets with conspiracy to commit bank fraud in connection with the ‘Zeus' malware.

The Dridex malware was specifically designed to beat antivirus software and other protections, while automating the theft of confidential information from infected computers - for example, by showing a victim a fake online banking page. Zeus operates differently, but with the same intended outcomes: computer intrusions and the theft of personal information to enable money transfer to ‘mule' accounts.

According to the indictment, Yakubets led the group involved in Dridex, and provided money mules for the Zeus scheme. Turashev allegedly handled a variety of functions, including administration and oversight of the botnet.

Rob Jones, director of the NCA's cyber crime unit, said:

"This is a landmark for the NCA, FBI and U.S. authorities and a day of reckoning for those who commit cybercrime.

"Following years of online pursuit, I am pleased to see the real world identity of Yakubets and his associate Turashev revealed. Yakubets and his associates have allegedly been responsible for losses and attempted losses totalling hundreds of millions of dollars. This is not a victimless crime, those losses were once people's life savings, now emptied from their bank accounts.

"Today the process of bringing Yakubets and his criminal associates to justice begins. This is not the end of our investigation, and we will continue to work closely with international partners to present a united front against criminality that threatens our prosperity and security."