Emotet: Police Raids Destroy Botnets That Hacked “Millions of Computers Worldwide”
Emotet, one of the most dangerous cybercrime services in the world, was taken down after one of the largest internationally coordinated actions against cyber criminals ever.
Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool rented to cyber criminals to break into victims’ computer networks and install additional malicious software.
Law enforcement agencies in the UK, North America and Europe had worked to map the system’s infrastructure for almost two years before Ukraine’s National Police raided properties to seize the computers from which it was controlled.
Videos of the raids uploaded by the National Police of Ukraine reveal the chaotic environments in which the computers operated, as well as the range of digital devices, foreign currencies and even gold bars that were also seized.
The UK’s National Crime Agency (NCA) said the botnet “has been used to infiltrate thousands of companies and millions of computers around the world”. Europol, which co-ordinated the operation alongside Eurojust, called it “the most dangerous malware in the world”.
Police in the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada and Ukraine participated in the investigation. The UK NCA led the financial investigation team and followed “how the criminal network behind the malware was funded, where that funding came from, went, and who benefited”.
Although Emotet was first discovered as banking malware in 2014, it has gained a reputation in the cyber crime community as a tool used to deliver other malware and ransomware.
“Cyber criminals used Emotet as a first point of contact,” the NCA explained, describing how the automated botnet “would send emails to unsuspecting victims or companies, with the malware either embedded as a downloadable link in the email or as a Word document attachment.
“When users clicked the attachments or links, they were prompted to enable the content to view the document, and the malware was then able to install and take possession of their computers.”
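The lure described above depends on a Word attachment carrying a macro that runs once the user enables content. The following is an added example, not code from the article or from any of the agencies named in it: a mail-gateway style check that inspects an attachment for an embedded VBA project before it reaches a user. The minimal OOXML zip it builds for testing is constructed here and is not a real Word file; the inspection logic itself works on genuine .docm/.docx input.

```python
import io
import zipfile

# Part name and content type that mark a macro-enabled Word (OOXML) document
VBA_PART = "word/vbaProject.bin"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
OLE_MAGIC = b"\xd0\xcf\x11\xe0"  # legacy binary .doc container


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip for testing (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = MACRO_CT if with_macro else PLAIN_CT
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    f'ContentType="{ct}.main+xml"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(VBA_PART, b"\x00constructed stand-in for a VBA project\x00")
    return buf.getvalue()


def inspect_attachment(data: bytes) -> dict:
    """Report macro indicators found in an attachment's bytes."""
    result = {"is_ooxml": False, "is_legacy_ole": False,
              "has_vba_project": False, "macro_enabled_type": False}
    if data.startswith(OLE_MAGIC):
        # Legacy .doc: macros live inside OLE streams; flag for deeper analysis
        result["is_legacy_ole"] = True
        return result
    if not data.startswith(b"PK"):
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            result["is_ooxml"] = "[Content_Types].xml" in names
            result["has_vba_project"] = VBA_PART in names
            if result["is_ooxml"]:
                ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                result["macro_enabled_type"] = "macroEnabled" in ct_xml
    except zipfile.BadZipFile:
        pass  # truncated or malformed archive: nothing more to learn here
    return result


def should_quarantine(data: bytes) -> bool:
    """Hold the message if the attachment carries macros or needs OLE analysis."""
    r = inspect_attachment(data)
    return r["has_vba_project"] or r["macro_enabled_type"] or r["is_legacy_ole"]
```

A gateway policy that holds such attachments, or strips the VBA part, removes the “enable content” step the lure relies on.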
Europol said the Emotet infrastructure “includes hundreds of servers around the world, each with different functions to manage infected victims’ computers, transfer them to new ones, serve other criminal groups and ultimately make the network more resilient against shutdown attempts”.
Law enforcement destroyed the botnet by effectively hijacking it from within.
Although police cannot uninstall the malware from victims’ computers, the infected machines are now redirected to police-controlled infrastructure, so criminals can no longer use them to steal more data or send phishing emails.
The NCA’s analysis showed that the Emotet operators moved USD 10.5 million over a period of two years on just one virtual currency platform.
They also found that the group had spent nearly $500,000 over the same period to maintain their criminal infrastructure.
Nigel Leary, deputy director of the NCA’s National Cyber Crime Unit, said, “Emotet has been instrumental in some of the worst cyberattacks in recent history.”
He said it enabled up to 70% of the world’s malware, including many – like Trickbot and RYUK – that had “significant economic impact” on businesses in the UK.
None of the police agencies announced arrests for the people who operated the infrastructure, although there was a suggestion that those who used it could be identified.
“Working with partners, we were able to locate and analyze data that links payment and registration details to criminals who have used Emotet,” Leary said.
“This case shows the extent and nature of cybercrime, which facilitates other crimes and can cause enormous damage, both financially and psychologically.
“With our international reach, the NCA will continue to work with partners to identify and capture those responsible for the spread of Emotet malware and who benefit from its crime.”