Emotet has been one of the most destructive malware families of recent years. Initially, Emotet was a banking Trojan thought to have originated in Russia that was deployed against various financial institutions. Around 2016 and 2017, Emotet's authors changed the malware's function to make it a payload downloader and distributed it via macros (especially in Word documents). Essentially, Emotet acted as a loader for other malicious code on an infected host. The malware was usually distributed via botnets and employed parked domains to distribute its payloads. What made it so dangerous was how widely it was distributed among criminal organizations. The damage was significant, and it made cybersecurity professionals incredibly concerned.
But Emotet may finally be a thing of the past according to a Europol press release. The release states that a multifaceted criminal justice operation was undertaken by the following nation-states and organizations: The Netherlands (Europol’s headquarters), Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine, “with international activity coordinated by Europol and Eurojust.” Europol used the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT) to execute the operation and take down what it called the “world’s most dangerous malware.”
The exact details of how Emotet was effectively shut down can be found in the following excerpt from the press release:
The infrastructure that was used by EMOTET involved several hundred servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts.
To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week’s action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside. The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure. This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.
Multiple arrests have been made in connection with this operation, and as more information is released, we will update the story. Emotet may be a thing of the past, but don’t drop your guard. When one malware operation dies, there is inevitably another to take its place.
Featured image: Wikimedia