Coordinated action by police from Germany, Canada, Lithuania, the Netherlands, the United States, Ukraine and France, together with the FBI and the UK National Crime Agency, has allowed law enforcement to take control of the infrastructure of the Emotet botnet used by cybercriminals. The botnet has been named the most dangerous and malicious in the world “in the last decade”; it is behind many high-profile malware and ransomware attacks. The operation to neutralize it was more than two years in the making.
Emotet first appeared as a banking Trojan, recorded in 2014. Over the years, the network has grown significantly. Emotet installs a backdoor on Windows computers using automated phishing emails containing malware-infected office documents. Those behind Emotet provide the network to other cybercriminals as a vehicle for malware attacks, including remote access tools (RATs) and ransomware. Thus, stopping Emotet represents one of the most significant actions against malware and cybercriminals in recent years.
“This is probably one of the most significant operations in terms of the impact that we have had in recent times, and we expect it to have a major impact,” the source quoted Fernando Ruiz, a spokesman for Europol, as saying. “We are delighted.”
During a week of action, law enforcement agencies managed to gain control over the Emotet infrastructure, consisting of hundreds of servers worldwide, and disrupt its work from the inside. Emotet-infected machines are now managed by law enforcement-controlled infrastructure, which means cybercriminals can no longer use compromised machines and the malware can no longer attack new targets. Europol is also working with Computer Emergency Response Teams (CERTs) worldwide to help those whose systems are infected with Emotet.
The investigation into, and identification of, the cybercriminals responsible for the creation of Emotet are still ongoing.