Emotet takedown – The Most Feared Cybercrime-as-a-Service is Dead

Emotet takedown - The Most Feared Cybercrime-as-a-Service is Dead

Law enforcement authorities of several European countries joined their effort in a coordinated action against Emotet. As a result, the infrastructure of the infamous Emotet malware was taken down on Wednesday 27th of January 2021. The police in Netherlands, Germany, United States, United Kingdom, France, Lithuania, Canada and Ukraine participated in this Emotet takedown. Europol and Eurojust coordinated the operation within the EMPACT framework. Meanwhile, they managed to keep the mission under strict secrecy until accomplished.


LIFARS develops proactive strategies and tactics against evolving cybersecurity threats. Our services such as comprehensive gap assessment, red-teaming, penetration testing, threat hunting and vulnerability assessment help reveal and fix company’s vulnerabilities.


To clarify, the authorities have taken control of several hundred servers around the world and sinkholed the communication of infected victims towards law enforcement controlled servers. According to Dutch police two of the three main Emotet control servers were located in their country. Most importantly, the Dutch authorities prepared a software update, which will be distributed by the seized servers to Emotet infected machines around the world. It will cause the dangerous malware to uninstall itself on 25th of March 2021. Until then, cybersecurity researchers will monitor infected machines for malware strains utilizing Emotet infrastructure. In addition, 17 Emotet control servers were taken down in Germany according to German Federal Criminal Police.

The Long-Lived Threat

Emotet threatened the world from 2014. It evolved from a simple banking trojan into a dangerous loader for hire, used for spreading multiple other malware strains. The most notorious customers were operators of banking trojan Trickbot, and ransomware Ryuk. Above all, the operators of Emotet distributed the malware by phishing email campaigns. That is to say, the emails of threat actors contained most often Microsoft Word documents with malicious macros. For instance, they used alluring topics like invoices, shipping notices and COVID-19 pandemic.

Billions USD In Damages

In conclusion, officials claim that Emotet infiltrations in Europe and USA caused losses of 2.5 billion USD with average costs of 1 million USD per governmental institution incident.

The Ukrainian police Emotet takedown raid video posted on Youtube already has over 80,000 views. Police officials seized hard drives, precious metal bars and piles of bank notes of several currencies.

Dutch police published a website where you can check if you have a compromised email account. You can compare it against the database they seized during Emotet takedown. In case you get a positive result from the portal, it is probable, that the adversaries infected your machine.



World’s most dangerous malware EMOTET disrupted through global action

Police take over global Emotet infrastructure

International Action Targets Emotet Crimeware

Ukrainian police Emotet takedown raid video

Controleer of uw e-mail en wachtwoord gestolen zijn door de Emotet malware