
Emotet infrastructure shattered

In a joint operation, law enforcement agencies from Germany, the Netherlands, Ukraine, Lithuania and France, as well as England, Canada and the United States, have smashed the infrastructure of the Emotet malware. Emotet was previously considered the most dangerous malware in the world, and in the vast majority of cases it was used to extort ransom from victims.

In addition to countless private individuals, the victims included companies, healthcare facilities, government agencies and other public institutions, for example the Berlin Court of Appeal and the administration of the city of Frankfurt am Main. In addition, there were institutions such as the University of Giessen, the Catholic University of Applied Sciences in Freiburg, and the Fürth Clinic. We have reported on Emotet several times in this blog.

What is Emotet?

Emotet is a generic term for malware that infects IT systems with Trojans by means of particularly authentic-looking spam emails. In the vast majority of cases, the gateway for Emotet was email attachments, such as contaminated Word documents. The emails could look so authentic because the victims' email contents and contact data had already been read out prior to the infection, so the content of the infected email could be adapted to a previous communication, for example. In addition to infecting the computer, Emotet's main task was to download other malware, for example the ransomware Ryuk or the banking Trojan Trickbot.

According to the press release of the Federal Criminal Police Office, the action coordinated by Europol and Eurojust not only succeeded in cutting off the perpetrators’ access to the Emotet infrastructure, but in at least one case it was possible to take control of the Emotet infrastructure.

Video: Emotet takedown in Ukraine

Is Emotet emodead?

Despite this huge and important blow against cyber criminals, it is doubtful that the cyber crime scene will remain frozen in shock. On the contrary: Emotet operated on the principle of a bookable service. Makers of banking Trojans, for example, paid to use Emotet to gain access to victims' computers so they could plant their own malware.

The gap left by Emotet represents an ideal opportunity for other criminals to increase their influence and take over the Emotet makers’ business. There are plenty of successors to Emotet in the form of Ragnar Locker, Dharma and other malware.
