The cyber criminals behind one of the world’s most dangerous hacking networks were dealt a major blow this week, as police seized thousands of their computers.
The Emotet network takes advantage of weak admin passwords and system vulnerabilities to distribute itself across victims’ devices. It then steals user credentials, card details and financial and banking information, which it sends to command-and-control servers via cookies in HTTP requests.
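The exfiltration path described above (stolen data carried to command-and-control servers inside the cookies of ordinary HTTP requests) is the kind of traffic a web proxy or egress log can surface. The following detection heuristic is an added example, not code from the original article or from any vendor named in it: it scores each logged request on cookie length, cookie entropy and whether the Host is a bare IP address, and flags records that hit two or more. The JSON-lines log format, the field names and the thresholds are all assumptions made for this illustration, and the sample records are constructed; Emotet's real cookie layout is not on the page and is not modelled here.

```python
import base64
import hashlib
import ipaddress
import json
import math
from collections import Counter

# Thresholds are assumptions for this illustration, not values taken from Emotet.
MIN_SUSPICIOUS_COOKIE_LEN = 512   # ordinary session cookies are far shorter
MIN_SUSPICIOUS_ENTROPY = 4.5      # bits per character; base64 of encrypted data is ~6
FLAG_SCORE = 2                    # flag a request when at least two indicators fire


def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def is_bare_ip(host: str) -> bool:
    """True when the HTTP Host header is a literal IP address instead of a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_record(rec: dict) -> tuple[int, list[str]]:
    """Return (number of indicators that fired, human-readable reasons) for one request."""
    cookie = rec.get("cookie", "")
    reasons = []
    if len(cookie) >= MIN_SUSPICIOUS_COOKIE_LEN:
        reasons.append(f"cookie length {len(cookie)}")
    ent = shannon_entropy(cookie)
    if ent >= MIN_SUSPICIOUS_ENTROPY:
        reasons.append(f"cookie entropy {ent:.2f} bits/char")
    if is_bare_ip(rec.get("host", "")):
        reasons.append("host is a bare IP address")
    return len(reasons), reasons


def find_suspicious(log_lines: str) -> list[dict]:
    """Parse JSON-lines proxy records (assumed format) and return those scoring >= FLAG_SCORE."""
    flagged = []
    for line in log_lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        score, reasons = score_record(rec)
        if score >= FLAG_SCORE:
            flagged.append({**rec, "reasons": reasons})
    return flagged


def _pseudo_random_blob(n_bytes: int) -> str:
    """Deterministic high-entropy base64 text standing in for encrypted stolen data (constructed)."""
    out, h = b"", b""
    while len(out) < n_bytes:
        h = hashlib.sha256(h).digest()
        out += h
    return base64.b64encode(out[:n_bytes]).decode()


# Constructed sample log: one benign session cookie, one oversized high-entropy cookie sent to a
# bare IP (the pattern the article describes), and one long but repetitive preference cookie.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": "2021-01-27T09:00:01Z", "client": "10.0.0.21", "host": "www.example.com",
     "path": "/", "cookie": "sid=4f3a9c2b"},
    {"ts": "2021-01-27T09:00:07Z", "client": "10.0.0.21", "host": "203.0.113.10",
     "path": "/", "cookie": "id=" + _pseudo_random_blob(768)},
    {"ts": "2021-01-27T09:00:09Z", "client": "10.0.0.8", "host": "cdn.example.org",
     "path": "/app.js", "cookie": "pref=" + "a" * 600},
])

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['host']}: {'; '.join(hit['reasons'])}")
```

The third record shows why a single indicator is not enough: a long cookie alone is common on legitimate sites, so only the combination of size, randomness and an unusual destination is flagged. In practice the score would be one input to triage alongside destination reputation and process-level telemetry from the sending host.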
More than 500 servers had been identified before police from the UK, EU, US and Canada worked to “disrupt” Emotet.
Europol called it “one of most significant botnets of the past decade” and one of the main “door openers” for computer systems worldwide.
“Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware,” it said.
Europol (@Europol), 27 January 2021: “How did Emotet infect its unsuspecting victims?” pic.twitter.com/zx5ZBWql4j
Dmitry Smilyanets, from Recorded Future, said:
Even if the creator and his support and operators are not arrested, they likely will not try to rebuild.
They have enough cash to retire in peace – or start a new criminal adventure. A working botnet is a very complicated and gentle system.
If more than a half of the infrastructure is not working, it’s safe to say bye-bye.
What is Emotet?
Emotet was originally designed as a banking Trojan, which would spy on victims’ computers to steal login details.
Criminals would target victims with phishing emails containing what appeared to be a Word document marked for their attention. In reality, the document included poisoned macros that, when enabled, exposed the computer to the attackers.
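Because the lure was a Word document whose macros only did harm once the user enabled them, a mail gateway or endpoint tool can reduce the risk by spotting attachments that carry a VBA project at all. The checker below is an added example, not code from the original article: for Office Open XML packages (.docm and similar) it looks for the `word/vbaProject.bin` part and the macro-enabled content type, and for legacy OLE2 files (.doc) it byte-searches for the UTF-16LE names of the VBA storage, which is a heuristic rather than a full OLE2 parse. The in-memory sample documents are constructed for the test and contain no real macro code; the `triage` helper and its file names are assumptions for the illustration.

```python
import io
import zipfile

# Part where Office Open XML (.docm/.dotm) packages store the VBA project.
VBA_PART = "word/vbaProject.bin"
# Content type Word assigns to the main part of a macro-enabled document.
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
# Signature of legacy OLE2 compound files (.doc, .xls).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OLE2 directory entries are UTF-16LE; these names hold VBA projects. Heuristic, not an OLE2 parser.
OLE2_VBA_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "Macros")]


def inspect_document(data: bytes) -> dict:
    """Classify a document blob and report any evidence of an embedded VBA project."""
    evidence = []
    if data.startswith(OLE2_MAGIC):
        fmt = "ole2"
        for marker in OLE2_VBA_MARKERS:
            if marker in data:
                evidence.append("OLE2 entry " + marker.decode("utf-16-le"))
    elif zipfile.is_zipfile(io.BytesIO(data)):
        fmt = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if VBA_PART in names:
                evidence.append("part " + VBA_PART)
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in ctypes:
                    evidence.append("macro-enabled content type")
    else:
        fmt = "unknown"
    return {"format": fmt, "has_macros": bool(evidence), "evidence": evidence}


def triage(attachments: dict) -> list:
    """Return the names of attachments (name -> bytes) that should be held for review."""
    return [name for name, blob in attachments.items() if inspect_document(blob)["has_macros"]]


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal Word-like OOXML package in memory (constructed sample, not a real file)."""
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Override PartName="/word/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(VBA_PART, b"\x00" * 64)  # placeholder bytes, not a real VBA project
    return buf.getvalue()


def build_sample_ole2(with_macro: bool) -> bytes:
    """Construct a stub OLE2 header followed by a directory-name marker (constructed sample)."""
    body = b"\x00" * 504
    if with_macro:
        body += "_VBA_PROJECT".encode("utf-16-le")
    return OLE2_MAGIC + body


if __name__ == "__main__":
    inbox = {
        "invoice.docx": build_sample_ooxml(with_macro=False),
        "invoice.docm": build_sample_ooxml(with_macro=True),
        "report.doc": build_sample_ole2(with_macro=True),
        "notes.txt": b"plain text, not an Office file",
    }
    for name, blob in inbox.items():
        print(name, inspect_document(blob))
    print("hold for review:", triage(inbox))
```

Note that the file extension is deliberately ignored: the check is driven by the bytes, so a macro-enabled document renamed to `.docx` is still caught, while a legacy `.doc` gets the separate OLE2 heuristic.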
Since it first appeared, Emotet has been used to distribute various other malicious payloads, wreaking havoc on individuals and organisations.
The police’s disruption of the Emotet network is a major success for the cyber security sector, but we shouldn’t assume that the threat is gone altogether.
Emotet had previously been shut down in 2019, but after several months of silence it returned to terrorise people and organisations across the globe.
Want more advice on Emotet?
You can learn more about this topic by reading our free guide: Fighting the Emotet Trojan. It explains in more detail:
- How Emotet spreads, and what makes the malware so disruptive;
- The practical steps you can take to protect yourself from Emotet; and
- How to remove Emotet from your network in the event of an infection.