Multinational Law Enforcement Operation Brings Down the Emotet Botnet

Europol stated that the well-known Emotet botnet has been taken down in a multinational law enforcement operation. Law enforcement agencies in the United States, Europe, and Canada took control of the Emotet infrastructure, which is made up of hundreds of servers all over the world.

The Emotet botnet was one of the high-profile malware botnets of the last 10 years, and the Emotet Trojan was probably the most damaging malware variant to emerge in recent years. The operators behind Emotet were highly professional cybercrime service providers and major players in the cybercrime world. About 30% of all malware attacks utilized the Emotet botnet.

When the Emotet Trojan was first discovered in 2014, it was a banking Trojan, but the malware evolved into a far more harmful threat and was used in numerous cybercriminal operations. The Emotet Trojan served as a backdoor into computer networks, and access was marketed to other cybercriminal gangs for conducting data theft, malware distribution, and extortion. Emotet was used to deliver TrickBot and QakBot, which in turn were used to deliver ransomware variants such as Ryuk, Conti, Egregor, and ProLock.

As soon as a device was infected with the Emotet Trojan, it was added to the botnet and used to infect other devices. Emotet could propagate laterally across systems and hijacked email accounts to distribute copies of itself to contacts. The Emotet gang's phishing campaigns were extremely successful because they used a variety of lures, which raised the chance that victims would open the emails and install the malware. Emotet also hijacked message threads and inserted itself into email conversations to increase the likelihood that malicious attachments would be opened.

The law enforcement operation was planned for about 2 years and was a combined effort between authorities in Germany, the Netherlands, France, Lithuania, Canada, Ukraine, the United Kingdom and the United States, coordinated by Eurojust and Europol.

The infrastructure used to control the botnet was spread across hundreds of servers, each of which performed different functions. The servers were used to control infected computers, propagate copies of the Emotet Trojan, copy data, and offer services to other cybercrime gangs. The Emotet gang had also built resiliency into its infrastructure to protect against takedown efforts.

To take down the infrastructure and prevent any attempts at restoration, the operation was coordinated so that law enforcement agencies took control of the servers simultaneously from the inside. The servers are now under the control of law enforcement, and a module that removes the malware is currently being distributed. Europol states the malware will be removed from infected devices on March 25, 2021.

In addition to the severe disruption of the operation, a number of members of the Emotet gang in Ukraine who are alleged to have been running the botnet were arrested, and other arrests are likely to follow.

Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA