Law enforcement authorities of several European countries joined their effort in a coordinated action against Emotet. As a result, the infrastructure of the infamous Emotet malware was taken down on Wednesday 27th of January 2021. The police in Netherlands, Germany, United States, United Kingdom, France, Lithuania, Canada and Ukraine participated in this Emotet takedown. Europol and Eurojust coordinated the operation within the EMPACT framework. Meanwhile, they managed to keep the mission under strict secrecy until accomplished.
To clarify, the authorities have taken control of several hundred servers around the world and sinkholed the communication of infected victims towards law enforcement controlled servers. According to Dutch police two of the three main Emotet control servers were located in their country. Most importantly, the Dutch authorities prepared a software update, which will be distributed by the seized servers to Emotet infected machines around the world. It will cause the dangerous malware to uninstall itself on 25th of March 2021. Until then, cybersecurity researchers will monitor infected machines for malware strains utilizing Emotet infrastructure. In addition, 17 Emotet control servers were taken down in Germany according to German Federal Criminal Police.
The Long-Lived Threat
Emotet threatened the world from 2014. It evolved from a simple banking trojan into a dangerous loader for hire, used for spreading multiple other malware strains. The most notorious customers were operators of banking trojan Trickbot, and ransomware Ryuk. Above all, the operators of Emotet distributed the malware by phishing email campaigns. That is to say, the emails of threat actors contained most often Microsoft Word documents with malicious macros. For instance, they used alluring topics like invoices, shipping notices and COVID-19 pandemic.
Billions USD In Damages
In conclusion, officials claim that Emotet infiltrations in Europe and USA caused losses of 2.5 billion USD with average costs of 1 million USD per governmental institution incident.
The Ukrainian police Emotet takedown raid video posted on Youtube already has over 80,000 views. Police officials seized hard drives, precious metal bars and piles of bank notes of several currencies.
Dutch police published a website where you can check if you have a compromised email account. You can compare it against the database they seized during Emotet takedown. In case you get a positive result from the portal, it is probable, that the adversaries infected your machine.
References
World’s most dangerous malware EMOTET disrupted through global action
Police take over global Emotet infrastructure
International Action Targets Emotet Crimeware
Ukrainian police Emotet takedown raid video
Controleer of uw e-mail en wachtwoord gestolen zijn door de Emotet malware