Emotet malware “disrupted” after global investigation

For the last handful of years, a piece of malware known as Emotet has grown into one of the most dangerous and prolific cyber threats facing Internet users and businesses.

But this particular threat took a massive hit this week after a global investigation, involving agencies in several countries and coordinated by Europol, took control of many of the servers the crooks had been using to launch Emotet attacks on individuals and businesses around the globe.

What is Emotet?

Emotet is best understood not as one specific strain of malware but as a botnet: its priority is infecting and then controlling devices, rather than carrying out any one specific type of attack (like encrypting important files or spying on activity). Emotet is also considered polymorphic, meaning its code is subtly altered each time it is repackaged and delivered, so antivirus software that relies on matching known signatures struggles to detect it straight away.

Because Emotet focuses on gaining and keeping access to an infected device, the crooks behind it have run it as a de facto “for hire” service. This means a device infected with Emotet will likely be infected with additional malware payloads (such as keyloggers or ransomware) afterwards, as access to the device is sold on to other criminal enterprises.

In many ways, Emotet is like the thief that cracks open the safe. But instead of pocketing the treasures that lie within, Emotet typically hired out its safe-cracking services to other crooks, who then bagged what was inside. Naturally Emotet’s operators took a substantial cut, or a lucrative flat fee.

Emotet infected devices primarily through booby-trapped email attachments, attached to emails that used a variety of social engineering tricks to lure the recipient into opening them. Once a device was infected, Emotet took control of it and sold access to it – along with countless other infected devices – to other cyber crooks, often organised criminal networks.

And these criminals would often use the access that Emotet provided to infect the device with further malware, most commonly ransomware, including the Ryuk and Conti ransomware strains. (Ransomware encrypts the personal files on a computer and demands that the victim pay a ransom for the decryption key needed to get them back.)
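Emotet’s booby-trapped attachments were typically Office documents whose macros fetched the malware, so one practical defence at a mail gateway is to hold any attachment that carries a VBA macro project, including a macro document that has been renamed to a “macro-free” extension. The script below is an added example written for this article, not code from the page or from any of the investigating agencies. The attachments it inspects are constructed in memory, and the OLE marker strings it looks for are an assumption for this example rather than an Emotet signature.

```python
"""Attachment triage: flag Office documents that carry a VBA macro project.

Added example for this article, not code from the page. The sample attachments
below are constructed in memory for illustration; the OLE marker strings are an
assumption for this example, not an Emotet signature.
"""
import io
import zipfile

# Legacy binary Office container (.doc/.xls/.ppt) starts with this OLE2 header.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Names the VBA storage leaves inside a legacy OLE document (assumed markers).
OLE_VBA_MARKERS = (b"_VBA_PROJECT", b"VBA_PROJECT_CUR", b"Attribut\x00e VB_Name")
# Zip parts that hold macro code in the OOXML formats (.docm/.xlsm/.pptm).
OOXML_MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions a client treats as macro-free; macros inside one are a red flag.
MACRO_FREE_EXTS = ("docx", "xlsx", "pptx")


def has_macros(data: bytes) -> bool:
    """Return True if the attachment bytes appear to contain a VBA project."""
    if data.startswith(OLE_MAGIC):
        return any(marker in data for marker in OLE_VBA_MARKERS)
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return False
        return any(part in names for part in OOXML_MACRO_PARTS)
    return False


def triage(filename: str, data: bytes) -> list:
    """Return the reasons to hold an attachment; an empty list means it passes."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    macros = has_macros(data)
    if macros:
        reasons.append("contains VBA macros")
    if macros and ext in MACRO_FREE_EXTS:
        # A .docm renamed to .docx: the extension promises no macros, the file has them.
        reasons.append("macro document disguised with a macro-free extension")
    if ext in MACRO_FREE_EXTS and data.startswith(OLE_MAGIC):
        # Legacy binary file wearing an OOXML extension; the mismatch is itself suspicious.
        reasons.append("legacy OLE file with an OOXML extension")
    return reasons


def _ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


_PLAIN = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
_MACRO = {**_PLAIN, "word/vbaProject.bin": b"\x00constructed-vba-project"}

# Constructed attachments: names and bytes invented for this example.
SAMPLES = {
    "report.docx": _ooxml(_PLAIN),                # clean modern document
    "invoice.docm": _ooxml(_MACRO),               # honest macro-enabled document
    "invoice.docx": _ooxml(_MACRO),               # same bytes renamed to hide the macros
    "statement.doc": OLE_MAGIC + b"\x00" * 64 + b"_VBA_PROJECT" + b"\x00" * 64,
    "minutes.doc": OLE_MAGIC + b"\x00" * 128,     # legacy document without macros
}


def triage_all(samples: dict) -> dict:
    """Run triage over every attachment and return filename -> reasons."""
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        print(f"{name:15} {'HOLD' if reasons else 'pass'}  {'; '.join(reasons)}")
```

Holding rather than silently deleting is deliberate: legitimate macro documents exist, and the point of the check is to stop the attachment reaching a user who has been socially engineered into clicking “Enable content”, not to decide on its own that every macro is Emotet.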

However, Emotet attacks are likely, for the time being at least, to become far less common, as many of the resources used by the network of crooks behind Emotet have been seized by the authorities. These include servers responsible for a variety of tasks, including infecting new devices, managing existing infected devices, running the malware’s “for hire” service and helping to prevent the botnet from being taken down.

Europol notes on its website that the global action taken against the cyber crooks included authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine.

Despite the action taken against Emotet, Internet users should be aware that this is unlikely to be the last we hear of the botnet. The malware itself still exists, and it is all but inevitable that many of the crooks involved with it will try to rebuild their seized infrastructure.