The world’s most notorious malware has finally been gunned down and put to rest forever.
On Tuesday, Europol, the European Union Agency for Law Enforcement Cooperation, announced the successful operation it carried out against the Emotet botnet. Investigators, as part of the coordinated action, took control of Emotet's infrastructure and then put a halt to its malicious activities.
According to Europol, Emotet's infrastructure consisted of multiple servers located around the world which together helped the hackers and malicious attackers behind the operation spread the malware to new victims and strengthen their network.
The takedown of Emotet was a joint effort by multiple countries, notably the Netherlands, Germany, France, Lithuania, Canada, the US, the UK, and Ukraine.
By disrupting the malware infrastructure from its core, Europol and the other participating bodies managed to redirect the infected computers to an infrastructure controlled by law enforcement itself. This, according to Europol, is a new and unique way to disrupt the activities of cybercriminals.
What is Emotet?
In 2014, Emotet was first discovered as a banking trojan which helped hackers get their hands on bank account credentials and various other financial information from those who got infected. Over the years, it grew to become the biggest go-to tool for cybercriminals and, in turn, a growing threat to both individuals and organisations worldwide.
The malware typically found its way onto the victim's device via infected files sent by email. The email message usually came with a malicious Microsoft Word (.docx) file which, when opened by the recipient, asked them to enable macros in order for the malicious code to activate and install Emotet on the computer.
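As an added illustration of the delivery mechanism described above (this is example code, not code from the article or from any organisation it quotes): a small Python check that flags Office attachments carrying a VBA macro project, which is the property the "enable macros" lure depends on. The function names, the signature constants and the sample files are all constructed here for demonstration; legacy binary (OLE2) documents are only flagged for deeper inspection, not parsed.

```python
import io
import zipfile

# Magic bytes of the legacy binary Office container (OLE2 compound file), used by .doc/.xls.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Zip entries that hold the VBA project inside macro-enabled OOXML documents.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'unknown' for an attachment body."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc files can carry VBA streams too; parsing OLE2 is out of scope here,
        # so treat them as needing deeper inspection rather than as safe.
        return "ole-legacy"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if any(part in names for part in MACRO_PARTS):
            return "ooxml-macro"
        if "[Content_Types].xml" in names:
            return "ooxml-clean"
    return "unknown"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style zip for demonstration (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x00placeholder VBA project\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro", build_sample_ooxml(True)),
                          ("clean", build_sample_ooxml(False)),
                          ("legacy", OLE_MAGIC + b"\x00" * 16),
                          ("text", b"not an office file")):
        print(f"{label}: {classify_attachment(sample)}")
```

A mail gateway rule that quarantines or sandboxes anything classified `ooxml-macro` or `ole-legacy` removes the step the lure relies on, regardless of the subject line or file name used.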
In order to trick unsuspecting users, Emotet campaigns used tactics such as disguising the malware as fake invoices, shipping notices and supposedly crucial information about the COVID-19 pandemic. Now, as part of the takedown operation, the Dutch police were able to seize all the email addresses, usernames and passwords compromised by the malware.
Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software, said that the botnet, which used to lure victims via phishing emails, sent over 150,000 different subject lines and more than 100,000 different file names in 2020 alone. Emotet constantly put unique twists on its phishing emails according to victims' interests and global events to escape detection by spam filters.
Has Emotet Really Gone Forever?
Now, the answer to that still remains a grey area. Yes, the takedown of Emotet was successful. But anyone from the world of cybersecurity will tell you that malware has a habit of resurfacing in clever and unexpected ways. The same can hold true for the Emotet malware as well.
Brandon Hoffman, the chief information security officer at security firm Netenrich, said in a statement that Emotet has been running for a very long time and is therefore deeply embedded in the cybercrime underground toolkit. Thus, it is very hard to consider it dead forever.
He also added that the people who operated Emotet, along with its developers, will most certainly find some way or other to recover remnants of it and then repurpose it into a new avatar. Basically, the name Emotet might no longer be used, but many of its core pieces can be expected to crop up in other future threats and methods.
All in all, the joint effort by international law enforcement bodies to disrupt Emotet is definitely commendable, and hopefully combatting these types of global threats will see speedier and more robust initiatives going forward. We will keep you updated on all future developments. Until then, stay tuned.