World’s Most ‘Resilient Malware’ Botnet Emotet Taken Down

Emotet malware botnet has been taken down by cybersecurity and law enforcement agencies after a joint global operation.

“Bye-bye botnets. Huge global operation brings down the world’s most dangerous malware,” read the tweet posted by Europol after taking down Emotet botnet.

According to Europol’s press release, the investigation into the Emotet botnet operations was launched two years ago and brought together investigators from eight countries, including Germany and the Netherlands, as well as the FBI and the UK’s National Crime Agency. The Emotet infrastructure was used mainly by well-organized criminal gangs.

The botnet has now been taken down through a joint operation following that two-year investigation spanning eight countries. During the investigation, investigators also discovered a database of stolen usernames and passwords.

What is Emotet botnet?

Emotet has been dubbed the most dangerous and resilient malware used in cyberattacks, according to a Europol spokesperson. The malware first appeared as a banking Trojan in 2014 and, over the years, evolved into a powerful tool for conducting some of the most devastating cyberattacks, especially against Windows-based systems.

The malware entered systems as a seemingly harmless Word document sent as an email attachment in phishing campaigns. The malicious document was typically disguised as a fake invoice, COVID-19 information, or a delivery announcement.

Once the attachment was downloaded, the malware quickly replicated itself, allowing its operators to deliver additional trojans that steal sensitive information such as banking data or block access to data in order to extort money.

Source: Europol

World’s Most Dangerous Botnet

Emotet’s operators leased their botnet to other cybercriminals, who used it as a gateway for launching additional malware attacks, such as ransomware and RATs. Eventually, Emotet became the most dangerous malware and one of the most devastating botnets of the last decade.

In operations involving the Ryuk ransomware and the (now dismantled) TrickBot banking trojan, devices compromised by Emotet were used to install that malware.

Hundreds of Emotet Servers Disrupted

According to Fernando Ruiz, head of operations at EC3 (Europol’s European Cybercrime Centre), in terms of impact this is perhaps one of the ‘biggest operations’ the agency has conducted recently.

“Emotet is involved in 30% of malware attacks; a successful takedown will have an important impact on the criminal landscape,” stated Ruiz.

According to Europol, it took law enforcement agencies a week to gain control of Emotet’s infrastructure. Hundreds of malware servers worldwide were disrupted from the inside, and the machines formerly controlled by Emotet now communicate with infrastructure controlled by law enforcement authorities.

Consequently, cybercriminals can no longer exploit these machines or use them to spread the malware to new targets.

“… We’re removing one of the main droppers in the market – for sure there will be a gap that other criminals will try to fill, but for a bit of time, this will have a positive impact for cybersecurity,” Ruiz added.

In a detailed statement, Team Cymru, a cyber threat intelligence firm that partnered with the FBI to help orchestrate the global operation, said that it worked with private researchers, security vendors, and internet service providers, along with law enforcement in several countries around the world, to facilitate aspects of this operation.

“The company’s role was two-fold. First, the company enumerated and validated the IP addresses of the tier 1 controllers in the Emotet botnet. Second, because Team Cymru has relationships with internet service providers around the world, Team Cymru was the partner that recruited the network operators to assist with the takedown,” the company explained.

“While a unique level of visibility was key in auditing and vetting the tier 1 controllers being targeted for takeover or takedown, the collaboration among ISPs worldwide was truly the critical element. These network operators are the heroes in this story. Because of this collaborative effort, bad actors have been arrested and the Internet is a safer place for the time being,” Team Cymru added.

“It’s important to note that only time will tell how long-lasting the takedown will be. The law enforcement, security vendor, and network operator communities will continue to track, monitor, and collaborate in the continuous effort to defend against these ever-evolving threats,” the statement concluded.
