Emotet: Police Raids Destroy Botnets That Hacked “Millions of Computers Worldwide”


Emotet, one of the most dangerous cybercrime services in the world, has been taken down after one of the largest internationally coordinated actions against cyber criminals ever.

Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool rented to cyber criminals to break into victims’ computer networks and install additional malicious software.

Law enforcement agencies in the UK, North America and Europe had worked to map the system’s infrastructure for almost two years before Ukraine’s National Police raided properties to capture the computers from which they were controlled.

Armed police ransacked premises occupied by cyber criminals. Image: National Police of Ukraine

Videos of the raids uploaded by the National Police of Ukraine reveal the chaotic environments in which the computers operated, as well as the range of digital devices, foreign currencies and even gold bars that were also seized.

The UK’s National Crime Agency (NCA) said the botnet “has been used to infiltrate thousands of companies and millions of computers around the world”. Europol, which co-ordinated the operation alongside Eurojust, called it “the most dangerous malware in the world”.

Dozens of computers were used to operate Emotet. Image: National Police of Ukraine

Police in the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada and Ukraine participated in the investigation. The UK NCA led the Financial Sleuthing team and followed “how the criminal network behind the malware was funded, where that funding came from, went, and who benefited”.

Although Emotet was first discovered as banking malware in 2014, it has gained a reputation in the cyber crime community as a tool that can be used to deliver other malware and ransomware.

Police officers recorded the serial number of the confiscated banknotes. Image: National Police of Ukraine

“Cyber criminals used Emotet as a first point of contact,” the NCA said, explaining how the automated botnet “would send emails to unsuspecting victims or companies, with the malware either embedded as a downloadable link in the email or as a Word document attachment.

“When users clicked the attachments or links, they were prompted to enable the content to view the document, but the malware was able to install and take possession of their computers.”

The malware was controlled from a cyber crime cave. Image: National Police of Ukraine

Europol said the Emotet infrastructure “includes hundreds of servers around the world, each with different functions to manage infected victims’ computers, transfer them to new ones, serve other criminal groups and ultimately make the network more resilient against shutdown attempts”.

Gold bars were seized from the suspects’ properties. Image: National Police of Ukraine

Law enforcement destroyed the botnet by effectively hijacking it from within.

Although they cannot uninstall the malware from victims’ computers, the infected computers are now redirected to police-controlled infrastructure to prevent criminals from using them to steal more data or send phishing emails.

Police officers record a gold shipment that the cybercriminals have hidden. Image: National Police of Ukraine

The NCA’s analysis showed that the Emotet operators moved USD 10.5 million over a period of two years on just one virtual currency platform.

They also found that the group had spent nearly $500,000 over the same period to maintain their criminal infrastructure.

The police collected an enormous amount of digital evidence. Image: National Police of Ukraine

Nigel Leary, deputy director of the NCA’s National Cyber Crime Unit, said, “Emotet has been instrumental in some of the worst cyberattacks in recent history.”

He said it enabled up to 70% of the world’s malware, including many – like Trickbot and RYUK – that had “significant economic impact” on businesses in the UK.

Phones were seized from the criminals’ properties. Image: National Police of Ukraine

None of the police agencies announced arrests of the people who operated the infrastructure, although there was a suggestion that those who used it could be identified.

“Working with partners, we were able to locate and analyze data that links payment and registration details to criminals who have used Emotet,” Leary said.

“This case shows the extent and nature of cybercrime, which facilitates other crimes and can cause enormous damage, both financially and psychologically.

“With our international reach, the NCA will continue to work with partners to identify and capture those responsible for the spread of Emotet malware and who benefit from its crime.”
