Emotet, one of the most active and dangerous botnets, has been taken down by international authorities, in an operation coordinated by Europol and Eurojust. This email spamming botnet has been used to distribute malicious Word attachments that further install additional malicious threats known as TrickBot and Qbot.
What has happened?
A few days ago, the joint effort of law enforcement agencies from Germany, the Netherlands, the U.S., the U.K, Lithuania, France, Ukraine, and Canada disrupted the malware's infrastructure.
- After law enforcement took control over the botnet, they are now spreading a module that will uninstall the malware on March 25, 2021. This could be a major interruption that will make it very hard for Emotet to get active again.
- The infrastructure of Emotet included hundreds of servers located around the world, with various functionalities to manage the infected computers.
Actions on suspected actors
- Besides taking down the infrastructure, the Ukrainian Cyberpolice Department arrested two individuals believed to be involved in the botnet's infrastructure maintenance and could face 12 years if they are found guilty.
- In addition, other affiliates of a cybercrime group using the infrastructure have been identified. Measures are being taken to detain them.
Taking down Emotet’s infrastructure is a major win, which is expected to help boost the global fight against cybercrime. To be safe from similar attacks, experts suggest using a reliable anti-malware solution, providing training to employees in identifying phishing emails, and always updating operating systems and software.