Police disrupt Emotet, the Internet’s “most dangerous malware.”

For more than half a decade, the malware known as Emotet has plagued the Internet, growing into one of the largest botnets in the world and targeting victims with data theft and crippling ransomware. Now an extensive global police investigation has culminated in the takedown of Emotet and the arrest of several alleged members of the criminal conspiracy behind it.

Europol announced today that a coalition of law enforcement agencies from the United States, Canada, the United Kingdom, the Netherlands, Germany, France, Lithuania and Ukraine has disrupted Emotet, which it called "the world's most dangerous malware." The global effort, known as Operation LadyBird, was coordinated with private security researchers to disrupt and take over Emotet's command-and-control infrastructure (servers located in more than 90 countries, according to Ukrainian police) while simultaneously arresting at least two members of the crew in Ukraine.

A video of a raid released by Ukrainian law enforcement shows agents seizing computer equipment, cash and rows of gold bars from alleged Emotet operators. Neither the Ukrainian police nor Europol have named the arrested hackers or detailed their alleged roles in the Emotet crew. A statement from Ukrainian authorities notes that "members of an international group of hackers who used the infrastructure of the Emotet bot network to carry out cyber attacks have also been identified, and steps are being taken to stop them."

"The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," says a statement from Europol on the operation. The international investigation and disruption effort, according to the statement, "resulted in this week's action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside."

According to Dutch police, Emotet has caused hundreds of millions of dollars in total damage; Ukrainian law enforcement puts the figure at $2.5 billion. The botnet spread mainly through spam carrying malicious links and Office documents laced with malicious Microsoft Office macros, and became notorious for delivering everything from banking Trojans to ransomware onto victims' machines.
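The delivery vector the article describes, Office attachments that carry macros, is something a mail gateway can screen for before a user ever reaches the "enable macros" prompt. The Python below is an added example, not code from the article or from any of the agencies or researchers it cites. It inspects an attachment's bytes rather than its file extension: a macro-enabled Office Open XML file is a zip whose content-types manifest declares a VBA project part, and a legacy binary Office file starts with the OLE2 signature. The sample attachments are constructed inline; the `triage` helper and its verdict strings are this example's own names, not anything from the page.

```python
"""Flag mail attachments that carry Office macros.

Added example for the delivery vector described above; not code from the
article or from any party it mentions. Standard library only.
"""
import io
import zipfile

# Legacy binary Office container (.doc/.xls/.ppt): OLE2 compound file signature.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type that Office Open XML packages declare for an embedded VBA project.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# Conventional locations of the VBA project in the three OOXML families.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
OOXML_MARKERS = (b"wordprocessingml", b"spreadsheetml", b"presentationml")


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-binary', 'clean-ooxml' or 'other' for raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Macros in the legacy format live in OLE streams we do not parse here;
        # hold it for deeper inspection (e.g. with olevba) rather than trust it.
        return "legacy-binary"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "other"
    with zipfile.ZipFile(buf) as zf:
        names = set(zf.namelist())
        if any(part in names for part in VBA_PARTS):
            return "macro"
        try:
            content_types = zf.read("[Content_Types].xml")
        except KeyError:
            return "other"  # a zip, but not an Office package
        # A macro part stored under a non-standard name is still declared here,
        # so check the manifest and not just the part names.
        if VBA_CONTENT_TYPE in content_types:
            return "macro"
        if any(marker in content_types for marker in OOXML_MARKERS):
            return "clean-ooxml"
    return "other"


def triage(attachments):
    """Return [(name, verdict)] for attachments that should be held for review."""
    return [
        (name, verdict)
        for name, data in attachments
        if (verdict := classify_attachment(data)) in ("macro", "legacy-binary")
    ]


# --- constructed sample attachments (not real malware, no real VBA) ---
_CT_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">')
CT_DOCX = (_CT_HEAD + '<Override PartName="/word/document.xml" ContentType='
           '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
CT_DOCM = (_CT_HEAD + '<Override PartName="/word/document.xml" ContentType='
           '"application/vnd.ms-word.document.macroEnabled.main+xml"/>'
           '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')
CT_DOCM_ODD = CT_DOCM.replace("/word/vbaProject.bin", "/word/macros.bin")


def _build_ooxml(content_types: str, parts: dict) -> bytes:
    """Build a minimal OOXML-style zip in memory (constructed test input)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        for name, body in parts.items():
            zf.writestr(name, body)
    return out.getvalue()


CLEAN_DOCX = _build_ooxml(CT_DOCX, {})
MACRO_DOCM = _build_ooxml(CT_DOCM, {"word/vbaProject.bin": b"\x00" * 16})
MACRO_ODD_PART = _build_ooxml(CT_DOCM_ODD, {"word/macros.bin": b"\x00" * 16})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 64
PLAIN_TEXT = b"hello"

# The extension is deliberately misleading for the renamed sample.
SAMPLE_ATTACHMENTS = [
    ("report.docx", CLEAN_DOCX),
    ("invoice.docm", MACRO_DOCM),
    ("invoice.docx", MACRO_ODD_PART),
    ("old-memo.doc", LEGACY_DOC),
    ("notes.txt", PLAIN_TEXT),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"HOLD {name}: {verdict}")
```

The second check in `classify_attachment` matters: a filter that keys only on the `.docm` extension or the standard `vbaProject.bin` path misses a package that names the macro part differently, while the content-types manifest still has to declare it for Office to load it.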

The botnet's operators had a reputation for being especially adept at slipping past spam filters, says Martijn Grooten, an independent security researcher and former organizer of the Virus Bulletin conference who has tracked Emotet for years. They used compromised mail servers to send their mass email lures, and once a victim took the bait they moved laterally across the organization's network to gain a foothold on multiple machines. Emotet's operators also partnered with other cybercrime gangs, selling access to groups focused on data theft and ransomware. It helped grow other large-scale botnets such as Trickbot, which infected more than a million computers before a coalition of security companies and U.S. Cyber Command partially disrupted it in October. "They were especially good at getting past corporate defenses," Grooten says. "You just click on a Word attachment, enable macros, and it turns out that access to your computer has been sold to a ransomware operator and your business is being held for ransom for $2 million."
