Law enforcement disrupted Emotet, one of the most significant and dangerous botnets of the past decade, Europol stated in a press release on Wednesday.
This week, authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, coordinated by Europol and Eurojust, carried out an operation that resulted in the disruption of the world’s most dangerous malware.
Investigators have now taken control of Emotet’s infrastructure, Europol said in a statement.
“Emotet has been one of the most professional and long lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years. The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware,” the press release reads.
Through a fully automated process, Emotet malware was delivered to the victims’ computers via infected email attachments. A variety of different lures were used to trick unsuspecting users into opening those malicious files. In the past, Emotet email campaigns have also been presented as invoices, shipping notices and information about COVID-19, law enforcement explained.
All these emails contained malicious Microsoft Word documents, either attached to the email itself or downloadable by clicking on a link within the email message. Once a user opened one of these documents, they could be prompted to “enable macros” so that the malicious code hidden in the Word file could run and install Emotet malware on a victim’s computer.
“What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomwares, onto a victim’s computer,” Interpol said in a press release.
Emotet is regarded as one of the biggest players in the cybercrime world, since other malware operations such as TrickBot and Ryuk have benefited from it.
“The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts,” Interpol said.
What we know about Emotet
Emotet is a sophisticated banking Trojan, David Balaban explained in his article. Its early versions only stole financial records relating to a few banks, but it has evolved dramatically over time. It is (or was) one of the three most prolific and dangerous botnets, although it has only been around for six years.
Spam is the dominating infection vector. Emotet arrives with emails that contain a malicious attachment laced with a Microsoft Office macro. Although the macro is not executed automatically, the attackers use social engineering tricks to lure the victim into running it.
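The infection chain described above (a Word document arrives by e-mail, and the recipient is talked into clicking “enable macros” so the embedded VBA project can run) is something a mail gateway can check for before the message reaches a mailbox. The following is an added example, not code from this article, Europol, Interpol or the Emotet analysis it cites. It assumes that modern Office documents (.docx/.docm) are ZIP archives whose macro code lives in word/vbaProject.bin, and that legacy binary .doc files are OLE compound files (magic bytes D0 CF 11 E0 ...) which need a full OLE parser such as the third-party olefile module to inspect, so they are only flagged for review here. The sample e-mail and its attachments are constructed inline; none of it is a real Emotet artefact.

```python
"""Flag e-mail attachments that carry an Office document with an embedded VBA
project, the delivery pattern described in the article.

Added example, not code from the article or from law enforcement. Assumptions:
OOXML documents (.docx/.docm) are ZIP archives with the macro project stored at
word/vbaProject.bin (xl/ and ppt/ for Excel and PowerPoint); legacy .doc files
are OLE compound files starting with the magic D0 CF 11 E0 and would need an
OLE parser (e.g. the third-party 'olefile' module) to inspect, so they are
only flagged for manual review.
"""
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_PROJECT_PATHS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def classify_office_blob(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other' for one attachment body."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "other"
        if any(p in names for p in VBA_PROJECT_PATHS):
            return "ooxml-macro"
        if "[Content_Types].xml" in names:
            return "ooxml-clean"
    return "other"


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Walk every leaf part of a raw RFC 822 message and return (filename, verdict)
    for each part that looks like an Office document. The verdict is derived from
    the bytes, never from the filename or declared MIME type, because the sender
    controls both of those."""
    msg = message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        verdict = classify_office_blob(payload)
        if verdict != "other":
            findings.append((part.get_filename() or "<unnamed>", verdict))
    return findings


# --- constructed sample input (placeholder content, not a real Emotet lure) ---
def _make_ooxml(with_vba: bool) -> bytes:
    """Build a minimal OOXML-shaped ZIP, optionally with a placeholder VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder VBA project\x00")
    return buf.getvalue()


def build_sample_email() -> bytes:
    """An invoice-themed message with three attachments: a macro-carrying document
    renamed to .docx, a clean .docx, and a stub legacy .doc (OLE header only)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached invoice.")
    wp = "vnd.openxmlformats-officedocument.wordprocessingml.document"
    msg.add_attachment(_make_ooxml(True), maintype="application", subtype=wp,
                       filename="invoice.docx")  # extension says no macros; bytes say otherwise
    msg.add_attachment(_make_ooxml(False), maintype="application", subtype=wp,
                       filename="terms.docx")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="old.doc")
    return bytes(msg)


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_email()):
        print(f"{name}: {verdict}")
```

The point of classifying on content rather than on the .docx/.docm extension is that the macro-enabled flag in the filename is purely advisory; a gateway rule that only quarantines .docm attachments misses the first sample. The check is a complement to, not a replacement for, endpoint policy that blocks macros in documents downloaded from the internet.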
In 2017, the crooks repurposed this botnet so that it mainly acts as a loader for other malicious applications. For instance, Emotet often operates in tandem with the notorious enterprise-targeting ransomware called Ryuk.
In 2020, researchers unveiled a new feature of Emotet: it exhibits worm-like characteristics by hacking poorly secured Wi-Fi networks and self-replicating inside them.
As far as the propagation geography goes, the hardest-hit countries are Germany, the U.S., India, and Russia. China, Italy, and Poland are on the list of heavily “torpedoed” countries as well.
WEF: ‘Major victory’
William Dixon, Cybersecurity Lead at the World Economic Forum, told journalists that ‘the takedown of one of the world’s most dangerous and prolific malware strains is a major victory’, and that building better cyber resilience is crucial.
“The World Economic Forum’s Global Risks Report highlighted that cybersecurity is the fourth biggest risk facing leaders today, and this is due to malware like Emotet. It has been a major factor in the global spike in cyberattacks since the pandemic began,” he said.
The next wave of cybersecurity risks will not be a continuation of current challenges, and incremental progress will not be enough to stop them, a recent study by the World Economic Forum and the University of Oxford showed.
The 14-month study, conducted by the World Economic Forum and the University of Oxford, examines how shifts in technology will impact the cybersecurity industry.