Coordinated law enforcement operation disrupts Emotet Trojan
The virulent malware known as Emotet has been dealt a heavy blow by a large-scale coordinated operation involving Europol, the FBI and other law enforcement agencies.
The participating authorities, from Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States, worked together on the investigation for about two years before taking down the malware's infrastructure.
Emotet was first observed in the wild in 2014, when it was distributed via spam email carrying malicious Office documents (Word, Excel and similar) whose macros fetched the malware.
Researchers explained, “Such letters could be disguised as invoices, waybills, account security warnings, party invitations or information about the spread of the coronavirus. In short, hackers closely followed the global trends and constantly improved the decoy letters.”
The malware started out as a classic banking Trojan but soon evolved into a powerful loader that downloads additional malicious modules. Its authors then began cooperating with various other cybercriminal groups, effectively selling access to infected machines.
Once installed on a targeted system, the malware sent out further spam and installed additional malware on the device. It was used to download and install other banking Trojans such as TrickBot, as well as cryptocurrency miners, info-stealers and ransomware such as Ryuk.
Europol said in its report that Emotet is “the most dangerous malware in the world” and declared it “one of the most prominent botnets of the last decade.”
According to the law enforcement officers involved, the operation to eliminate this malware is one of the largest of its kind and will have an impact worldwide.
Fernando Ruiz, Head of Operations at the European Cybercrime Centre, said, “We have eliminated one of the main droppers in the market, and now there is likely to be a gap that other criminals will try to fill. But for a while [our operation] will have a positive impact on cybersecurity.”
According to the authorities, Emotet's infrastructure has been seized and taken over, so the operators can no longer control the compromised systems and therefore cannot use them to spread the malware to new targets.
Europol experts say, “Emotet’s infrastructure included several hundred servers located around the world, each with different functionality to manage infected victim computers, spread to new machines, serve other criminal groups, and ultimately make the network more resilient to disconnection attempts.”
Two of the three main command-and-control servers were located in the Netherlands, and that is where a database of stolen email addresses, usernames and passwords was found. Users can check whether their email address appears in that database via the Netherlands police's website.
Law enforcement also used the seized command-and-control servers to push a special update to infected hosts. Users do not have to do anything themselves: the update contains a “ticking time bomb” that automatically removes Emotet from the infected system on 25 April 2021 at 12:00 local time (early reports gave the date as 25 March; closer analysis of the module corrected it to 25 April). The update removes only Emotet itself, so any secondary malware it had already dropped, such as TrickBot or Ryuk, remains on the machine and still has to be found and cleaned up separately.