Law enforcement authorities in several countries, including the UK, have joined forces to disrupt what they call one of the world’s most dangerous pieces of malware.
They said it allowed criminal gangs to install ransomware and steal data from computer users.
European Union police and judicial agencies Europol and Eurojust said that investigators took control of infrastructure behind a botnet called Emotet. A botnet is a network of hijacked computers used to carry out cyber attacks.
Authorities in the Netherlands, Germany, the US, France, Lithuania, Canada and Ukraine also took part in the international operation co-ordinated by the two Hague-based agencies.
Dutch prosecutors said the malware was first discovered in 2014 and “evolved into the go-to solution for cyber criminals over the years”. They added: “The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale.”
The Dutch prosecutors said two of the main servers for the infrastructure were based in the Netherlands and a third in another undisclosed country. The national prosecutor’s office said the damage caused by EMOTET runs into the hundreds of millions of euros.
“This is a really big deal. Emotet was one of the largest, if not the largest, botnets delivering a wide variety of malware. Their botnet consisted of hundreds of thousands of compromised hosts which were used to send more than 10 million spam and phishing emails a week,” said Allan Liska, an analyst with Recorded Future.
Jake Williams, president of cyber security firm Rendition Infosec, said “there’s no question that this will hurt (ransomware gangs) and help defenders in the short/mid term”.
The malicious software was delivered to computers in infected email attachments containing Word documents.
❗️🌐 Global cooperation leading to results:
— Eurojust (@Eurojust) January 27, 2021
“A variety of different lures were used to trick unsuspecting users into opening these malicious attachments,” Dutch prosecutors said in a statement. “In the past, Emotet email campaigns have also been presented as invoices, shipping notices and information about Covid-19.”
Europol said law enforcement agencies teamed up to take down the criminal infrastructure from the inside.
“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure,” the agency said. “This is a unique and new approach to effectively disrupt the activities of the facilitators of cyber crime.”
The operation was not the first time that cyber crime fighters have infiltrated illicit computer operations. In 2017, police shut down the world’s leading “darknet” marketplace — then Dutch police quietly seized a second bazaar to amass intelligence on illicit drug merchants and buyers.