A coordinated effort between law enforcement agencies in the US, Canada, and Europe has brought an end to Emotet. On January 27, Europol announced they had shut down Emotet’s command and control infrastructure, which was located in more than 90 countries.
Additionally, authorities arrested two Ukrainian members of the Emotet malware gang responsible for unleashing Emotet around the globe. Among the items seized in the raid on hackers, rows of money and gold bars can be seen in this footage provided by Ukrainian law enforcement.
Origins and impact
Known for its sophistication and ability to avoid detection, Emotet evolved from a banking trojan in 2014 to one of the world’s most notorious botnets. Emotet could be purchased through cybercrime-as-a-service or ransomware-as-a-service marketplaces on a pay-per-install pricing model. After compromising a computer with Emotet, cybercriminals would then deploy secondary malware strains, usually ransomware.
Emotet reached its zenith in 2019 and was widely considered one of the most prominent and dangerous malware threats in the world. After being relatively silent at the beginning of 2020, Emotet reappeared in mid-2020. Security organizations and law enforcement agencies around the world published urgent warnings about Emotet in July. In September, Vade Secure reported a significant spike in Emotet malware activity.
Around the same time, Microsoft warned the public about phishing links, malicious Microsoft Office macros, and password-protected .ZIP files inundating Microsoft customers. During this period, Vade Secure detected a significant increase in phishing URLs impersonating Microsoft.
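The two attachment types named above, Office documents carrying macros and password-protected ZIP archives, are both ZIP containers underneath, so a mail gateway can triage them without opening any payload. The following is an added example, not code from the article or from Vade Secure or Microsoft: it inspects the central directory of an attachment and flags entries with the ZIP encryption flag set (a password-protected archive) and Office packages that ship a `vbaProject.bin` part (a macro-enabled document). The sample attachments are constructed inline; the `build_zip` helper patches the general-purpose flag bits to simulate an encrypted archive so the example runs offline without a third-party library.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Office package extensions that commonly carry VBA when delivered by mail.
OFFICE_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm")


@dataclass
class AttachmentVerdict:
    """Reasons an attachment was flagged; an empty list means nothing was found."""
    name: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def inspect_attachment(name: str, data: bytes) -> AttachmentVerdict:
    """Read only the ZIP central directory: no entry is ever decompressed."""
    verdict = AttachmentVerdict(name)
    if data[:4] not in (b"PK\x03\x04", b"PK\x05\x06"):
        return verdict  # not a ZIP container: nothing for this check to say
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        verdict.reasons.append("malformed ZIP container")
        return verdict
    # General-purpose bit 0 marks an entry as encrypted, i.e. password-protected.
    if any(info.flag_bits & 0x1 for info in infos):
        verdict.reasons.append("password-protected archive (encryption flag set)")
    # OOXML documents store VBA in a vbaProject.bin part; .docx/.xlsx cannot contain one.
    if any(info.filename.lower().endswith("vbaproject.bin") for info in infos):
        verdict.reasons.append("Office document contains a VBA macro project")
    # An archive wrapping Office files is the other lure shape worth surfacing.
    nested = [i.filename for i in infos if i.filename.lower().endswith(OFFICE_EXTENSIONS)]
    if nested and not name.lower().endswith(OFFICE_EXTENSIONS):
        verdict.reasons.append("archive wraps Office document(s): " + ", ".join(nested))
    return verdict


def build_zip(entries: dict, encrypted: bool = False) -> bytes:
    """Constructed test helper: write a ZIP and optionally set the encryption flag bits.

    Offsets: local header flags sit at +6 after 'PK\\x03\\x04'; central-directory
    flags sit at +8 after 'PK\\x01\\x02'. The entry data itself is left as-is, which
    is enough for a directory-only check like inspect_attachment().
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry_name, content in entries.items():
            zf.writestr(entry_name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            idx = data.find(signature)
            while idx != -1:
                data[idx + offset] |= 0x01
                idx = data.find(signature, idx + 1)
    return bytes(data)


# Constructed sample attachments (not real Emotet artefacts).
SAMPLES = {
    "invoice.docm": build_zip({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document/>",
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0placeholder-ole-stream",
    }),
    "clean.docx": build_zip({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document/>",
    }),
    "statement.zip": build_zip({"statement.doc": b"\xd0\xcf\x11\xe0"}, encrypted=True),
    "notes.txt": b"plain text, nothing to inspect",
}


def scan_attachments(samples: dict) -> dict:
    """Map attachment name -> list of reasons it was flagged (empty when clean)."""
    return {name: inspect_attachment(name, data).reasons for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in scan_attachments(SAMPLES).items():
        print(f"{name}: {'FLAG ' + '; '.join(reasons) if reasons else 'ok'}")
```

The check deliberately never extracts or decrypts anything, so it is safe to run inline on a gateway; its purpose is to route these two attachment shapes to sandboxing or quarantine, not to decide on its own that a file is malicious.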
The end of Emotet—for now
According to Ukrainian law enforcement, Emotet has caused $2.5 billion in damages. Although Emotet is officially out of business, researchers warn that malware gangs who relied on Emotet to launch attacks have no shortage of options to continue menacing businesses around the world.