Andrey Ghinkul faces hacking charges in the US

Feb 26, 2016 22:10 GMT

Andrey Ghinkul, 30, from Moldova, has been extradited to the US, and today, February 26, has appeared in a Pittsburgh court to face charges related to his involvement with an international hacking crew suspected of running the Dridex botnet.

Ghinkul was arrested last September in Paphos, a small vacation town in Cyprus, in a rented house where he was living with his wife. The suspect was apprehended when police received a tip about his whereabouts after he previously tried to cheat a local bank out of $3.5 million / €3.12 million.

Cyprus law enforcement discovered who he was, and US authorities asked for his extradition. Ghinkul contested that authorities had the right to extradite him, even reaching the Cyprus Supreme Court, but he lost the case.

At today's initial case hearing, Ghinkul pleaded not guilty in front of a US judge, as TribLIVE reports. The suspect's lawyer said that the US prosecution does not have the evidence to prove that Ghinkul was the man behind the Dridex cyber-attacks.

Dridex is one of the most dangerous banking trojans around

Dridex is the name of a banking trojan that infects computers and steals financial and banking-related information. Dridex is also known as Cridex or Bugat, and is a malware family that evolved from the infamous Gameover Zeus malware.

Gameover Zeus was put together by a gang of Eastern European hackers known as the Business Club. Authorities say that Ghinkul was part of this cybercrime gang, which managed to steal around $100 million / €90 million from various banking and financial institutions.

Dridex first appeared in July 2014, a month after the Gameover Zeus botnet was dismantled. Authorities estimate that Dridex is responsible for damages of $25 million / €22.85 million.

Various cyber-security firms noticed that since Ghinkul's arrest in September, Dridex activity has gone down, but not stopped.

Dridex activity almost came to a halt at the start of February, when the servers that were spreading the malware started distributing an antivirus instead. A week later, the same servers stopped distributing the banking trojan and switched to aggressively spreading the Locky ransomware.