BlackBerry Blog

This Week in Security: Kelihos Botnet, Ransomware, and More...

Echoes of a Takedown: Arrests Impact Kelihos Botnet Infrastructure... Again

Thirty-six-year-old Russian Peter Yuryevich Levashov was arrested last week in Spain. His arrest relates to charges stemming from command of the Kelihos Botnet and related fraud charges. The Kelihos Botnet (and related infrastructure) has been in operation since 2010. Authorities allege that Levashov has been controlling the operation, or has at least been an accessory to it, since that time. The large-scale operation was primarily used to distribute spam by relaying email off the infected hosts within the network. In addition, the hosts were used to distribute additional malware, including RATs and ransomware. As is typical, the botnet was not necessarily under the full control of the direct Kelihos operators. That is to say, the resources (infected hosts) were sold or rented to other ne'er-do-wells to use as they saw fit.

In conjunction with the arrest and investigation, U.S. authorities worked with additional security vendors to assist in interrupting the Kelihos infrastructure. On April 8, 2017, a successful effort to sinkhole 100% of the C2 traffic took place. As a result, the current operations of the network were fully seized. Shadowserver Foundation[1] noted the following statistics during their involvement in the operation.


The Cylance Research and Intelligence Team
