Emotet botnet taken offline in huge police operation

(Image credit: Shutterstock / Jaiz Anuar)

Law enforcement agencies in Europe and North America have joined forces as part of a coordinated effort to disrupt and take down the Emotet botnet once and for all.

First discovered as a banking Trojan back in 2014, the Emotet malware has evolved into the go-to solution for cybercriminals who used its infrastructure to gain access to targeted systems on a global scale. The malware's creators then proceeded to sell this access to other cybercrime groups including the operators of TrickBot and Ryuk who used it to launch additional attacks.

The Emotet group also used a fully automated process to distribute their malware which was delivered to victims using infected email attachments. In order to trick unsuspecting users into opening their malicious attachments, the group used a variety of different lures including fake invoice and shipping notices and more recently, Covid-19 information.

However, victims still need to be tricked into enabling macros on these malicious documents for Emotet to be installed on their systems.

Taking down Emotet

Emotet's infrastructure included several hundreds of servers located across the world that were used to manage infected systems, spread the malware, server other cybercrime groups and to make the network more resilient. 

Law enforcement agencies from the Netherlands, Germany, the US, the UK, France, Lithuania, Canada and Ukraine recently joined forces to gain control of Emotet's infrastructure and take it down from the inside. As part of this new and unique approach to disrupting the activities of cybercriminals online, the infected machines of victims have now been redirected towards law enforcement-controlled infrastructure.

As a result of the criminal investigation into Emotet carried out by the Dutch National Police, a database containing the email addresses, usernames and passwords stolen by the malware was discovered and users can check here to see if their email addresses have been compromised.

In a press release, deputy director of the UK's National Crime Agency Nigel Leary provided further insight on the financial and psychological damage caused by Emotet over the years, saying:

“Emotet was instrumental in some of the worst cyber attacks in recent times and enabled up to seventy percent of the world’s malwares including the likes of Trickbot and RYUK, which have had significant economic impact on UK businesses. Working with partners we’ve been able to pinpoint and analyse data linking payment and registration details to criminals who used Emotet. This case demonstrates the scale and nature of cyber-crime, which facilitates other crimes and can cause huge amounts of damage, both financially and psychologically. Using our international reach, the NCA will continue to work with partners to identify and apprehend those responsible for propagating Emotet Malware and profiting from its criminality.”

Via Computer Weekly

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.