European authorities ban Emotet malware |
Law enforcement agencies in eight countries have removed the malware infrastructure called Emotet, which has carried out countless spam campaigns and robotic ransomware attacks over the past decade.
This infrastructure, called "Operation Beetle", was destroyed as a result of a joint effort by the relevant authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine to gain control of the previous malicious network's servers. calendar.
Europol said: Emotet's infrastructure basically functions as a major key for IT systems around the world. What makes Emotet so dangerous is that it is loaned out to other cybercriminals to install other types of malware such as banking trojans or ransomware. Via the victim's computer.
Since its debut in 2014, Emotet has evolved from being a data theft and banking Trojans software to a powerful tool that, depending on the publication, can act as a home and steal information and spam.
It is known for its constant development and is updated regularly to improve its concealment. Also, new espionage capabilities are being added through various devices including wireless hubs to identify and infect new victims linked to nearby networks.
In the past year, it has been linked to some bot-based spam campaigns, and it can also introduce more dangerous types by renting its bots to other malware packages like TrickBot and Ryuk Ransomware.
The UK's National Crime Agency said: The software infrastructure mapping process took nearly two years as many assets were searched in the Ukrainian city of Kharkov in order to seize computers used by hackers.
The Ukrainian Electronic Police Service has arrested two people suspected of participating in the maintenance of the robotic infrastructure. If convicted, they face 12 years in prison.
The UK National Crime Agency added: An analysis of the accounts used by the team behind Emotet found that $ 10.5 million was sent through a virtual currency platform within two years, while the team paid nearly $ 500,000 during the same period as maintenance of its criminal infrastructure. .
The Ukrainian authorities said: The global damage related to the Emotet program has caused losses of about $ 2.5 billion.
Now that Emotet has running at least 700 servers worldwide and removed them internally, malware-infected devices are being directed to law enforcement's infrastructure to prevent further exploitation.
In addition, the Dutch National Police has released a tool that can be used to search for potential violations based on a dataset of 600,000 email addresses, usernames and passwords identified in the process.
Dutch police, who have confiscated two central servers in the country, said they have released software updates to effectively remove the threat from Emotet.
Emotet is expected to remove all infected devices on April 25, 2021.