Perhaps the world’s most infamous malware-delivery network, the phishing-driven Emotet botnet has been taken down by police, sparing people around the globe millions of dollars in data theft and in computer, software, and network clean-up costs.
In what was the cyber equivalent of a massive international police raid, authorities from the US, UK, Canada, Lithuania, the Netherlands, France, Ukraine, and Germany all participated in the bust.
First observed in Europe in 2014, Emotet expanded its reach over the years and was behind millions of costly cyberattacks across the globe. The FBI opened its first related investigation when a North Carolina school district was compromised by Emotet in 2017.
“The Emotet malware has evolved substantially since it was first observed by industry,” Jessica Nye, a cyber team supervisor at the FBI, said in the FBI’s announcement. “It became increasingly stealthy in its ability to gain access to your computer, which then opened the door to additional malware.”
The lure was a Word document attachment that asked the recipient to “Enable Macros,” a harmless-enough-sounding feature of Microsoft Word. According to an article from the BBC, the robot network (botnet) sent over 150,000 phishing emails with 100,000 different subject lines and file names.
The FBI notice of the bust described Emotet’s code as “nimble” and “ever-mutating.” Once an unsuspecting victim pressed “Enable Macros,” the malware created a backdoor into the computer; access to that backdoor was then sold to other cyber criminals, who uploaded their own malware, normally trojans that recorded banking information.
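The initial step in that chain is an Office attachment carrying a VBA macro. The following is an added example, not code from the article, from the FBI, or from any Emotet sample: a small mail-gateway style triage that decides from the bytes of an attachment (never from its filename) whether it embeds a VBA project. Modern Word files are ZIP containers whose macro code lives in a part named vbaProject.bin and whose content-type manifest advertises “macroEnabled”; legacy .doc files are OLE2 compound documents, which this example flags for sandboxing rather than parsing. The sample attachments are constructed in memory and are not real documents.

```python
"""Flag Office attachments that embed VBA macros (the Emotet lure above).

Added example, not from the article or any Emotet sample. The sample
attachments below are constructed in memory and labelled as such.
"""
import io
import zipfile

# Header of an OLE2 compound document (legacy .doc/.xls), which can hold
# macros in a "Macros" storage; parsing that needs a third-party library,
# so we only flag it here.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
CONTENT_TYPES_PART = "[Content_Types].xml"
MACRO_CTYPE = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CTYPE = (b"application/vnd.openxmlformats-officedocument"
               b".wordprocessingml.document.main+xml")


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'clean' or 'not-office' for a byte blob.

    The verdict is based on content only, so a .docm renamed to .docx is
    still caught.
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Any vbaProject.bin part (word/, xl/, ppt/) means embedded VBA.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            # Second signal: the manifest declares a macro-enabled main part.
            if CONTENT_TYPES_PART in names:
                if b"macroEnabled" in zf.read(CONTENT_TYPES_PART):
                    return "macro"
    except zipfile.BadZipFile:
        return "not-office"
    return "clean"


def _build_ooxml(with_vba: bool) -> bytes:
    """Construct a minimal Word-style ZIP container (sample data only)."""
    ctype = MACRO_CTYPE if with_vba else PLAIN_CTYPE
    manifest = (b'<?xml version="1.0"?>'
                b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                b'<Override PartName="/word/document.xml" ContentType="' + ctype + b'"/>'
                b'</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CONTENT_TYPES_PART, manifest)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_vba:
            # Placeholder for the OLE-formatted VBA storage; contents are fake.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments (names chosen for illustration).
SAMPLE_ATTACHMENTS = {
    "invoice.docm": _build_ooxml(with_vba=True),
    "invoice.docx": _build_ooxml(with_vba=True),   # macro file renamed to look benign
    "notes.docx": _build_ooxml(with_vba=False),
    "report.doc": OLE2_MAGIC + b"\x00" * 504,      # legacy OLE2 header only
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
}


def triage(attachments: dict) -> dict:
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name:14s} {verdict}")
```

A gateway that applies this check would quarantine or detonate anything classified as “macro” or “legacy-ole” regardless of the extension the sender chose, which is the control that defeats the “Enable Macros” lure before a user ever sees the prompt.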
Europol reported this week that international cybercrime police took control of Emotet’s infrastructure from the inside, which effectively meant seizing roughly half of the devices spreading the malware, and then took it apart server by server.
“Through the combined efforts of the incredible FBI team, foreign partners, and private sector partners, the command and control network of Emotet was significantly impacted,” Nye said. “To recreate this botnet, the criminals would have to rebuild from scratch.”
Amazingly, the Dutch members of the cyber raid managed to get hold of an enormous list of email addresses that the botnet had successfully compromised, and they are encouraging people to search for their own email address in the police’s system to see whether it sat in Emotet’s records.