Emotet Disrupted Through Global Action

Infamous botnet Emotet has been brought down by an international law enforcement operation.

Earlier today, Europol announced that Emotet's infrastructure had been taken over by investigators in a coordinated action by authorities in Canada, France, Germany, Lithuania, the Netherlands, the United Kingdom, the United States, and Ukraine, with international activity coordinated by Europol and Eurojust.

First discovered as a banking trojan in 2014, the malware evolved into a powerful tool used by cyber-criminals the world over to gain unauthorized access to computer systems. Emotet's creators—APT group TA542—offered the malware for hire to other cyber-criminals, who used it to install other malware, such as banking trojans or ransomware, onto a victim’s computer.

"EMOTET was much more than just a malware," said Europol. "Its unique way of infecting networks by spreading the threat laterally after gaining access to just a few devices in the network made it one of the most resilient malwares in the wild." 

The botnet's infrastructure was supported by several hundred servers located across the world, all with different functionalities. While some were dedicated to managing infected computers or spreading the malware to new victim devices, others were set up to serve criminal groups and thwart takedown attempts.

"It is hard to overstate the significance of the achievement announced by Europol today in bringing the EMOTET botnet offline," said Nominet CISO Cath Goulding. "It will have immediate effect from a cyber security perspective, with EMOTET consistently ranking as one of the most persistent threats facing individuals and organizations."

Vectra CEO and president Hietsh Sheth welcomed the news of Emotet's takedown but cautioned that it was long overdue. 

"The result here is gratifying, but the havoc EMOTET wreaked across numberless networks in seven years is alarming," said Sheth. 

"None of us know how many malware cousins of EMOTET are doing more damage right now, but if each takes seven years to neutralize, we will remain in perpetual crisis,” he added. 

Digital Shadows threat researcher Stefano De Blasi expects Emotet's operators to bounce back from this blow to their operations.

"Malicious botnets are exceptionally versatile, and it is likely that their operators will sooner or later be able to recover from this blow and rebuild their infrastructure—just like the TrickBot operators did," said De Blasi.

What’s Hot on Infosecurity Magazine?