European law enforcement brought an end to the botnet Emotet this week after an international campaign took out the global infrastructure running the malware.
In a statement, Europol said law enforcement agencies from around the world coordinated an effort – codenamed Operation Ladybird – to take control of the hundreds of servers running Emotet.
“The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts,” Europol said.
“To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy.
“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.”
Beginning as a banking trojan in 2014, Emotet spread through phishing emails containing malware-laden attachments.
The botnet leveraged infected accounts and machines to grow and was often used by cybercriminals to steal credentials, escalate access, or drop ransomware.
Germany’s Central Office for Combating Internet Crime (ZIT) said 17 servers were seized in the country during the operation.
“The smashing of the Emotet infrastructure represents a significant blow against internationally organized internet crime and at the same time a significant improvement in cybersecurity in Germany,” the ZIT said in a statement.
Ukraine’s national police force released footage of its raid on an Emotet infrastructure site that shows dusty, run-down rooms filled with computer hardware and stacks of cash.
Ukrainian police said the bad actors will face up to 12 years in prison.
“Other members of an international hacker group who used the infrastructure of the Emotet bot network to conduct cyberattacks have also been identified,” they said in a statement.
“Measures are being taken to detain them.”
The dirty underbelly of Emotet malware. Source: Ukrainian National Police
Dutch police said they “used their hacking powers” to infiltrate the Emotet infrastructure, knocking out two of the botnet’s main servers located in the Netherlands.
“More than 1 million computer systems infected by Emotet are known worldwide,” Dutch police said in a statement.
“In addition, 600,000 e-mail addresses with passwords were found in the investigation.”
Authorities in the Netherlands have released a tool you can use to check if your email address was compromised by Emotet.
Emotet was discovered on the Australian Parliament’s IT system in late 2019, as a wave of Emotet activity wreaked havoc on Australian organisations and infrastructure.
Last year, Emotet briefly became a laughing stock when someone changed its malicious payload to harmless gifs of James Franco.