Law enforcement agencies from several EU countries and the UK have dismantled the notorious Emotet malware.
The takedown of this malicious botnet happened on Tuesday, 26th January.
Emotet is malware that was originally developed as a banking Trojan. Its main goal was to gain access to devices and spy on sensitive private data.
As a threat, it was particularly sneaky: it has been known to evade basic antivirus programs and hide from them.
Finally, Emotet gained popularity in the cybercrime world for its modular architecture, which lets it be tailored to every environment it targets.
Let’s find out more below.
The Emotet threat
Experts have labelled this malware as extremely dangerous. What made it so dangerous?
Emotet is a threat that analysts believe to be Russia-based.
Experts identified it for the first time back in 2014. Its activity focused on the banking and financial sector, as its first version acted as a bank credential stealer.
Its second version, moreover, added money transfer, malspam, and banking features. By January 2015, it had evolved yet again with evasion features.
Later in 2015, Emotet became modular malware.
In particular, Emotet’s main infection vector is phishing.
Attackers spread it through emails carrying malicious links or macro-embedded Microsoft Word files. Once deployed, Emotet can launch different malware payloads depending on the target machine and the attacker’s goal. In recent years, it has become one of the most commonly employed commodity malware families.
In short, Emotet is a “Swiss Army Knife”: a piece of malware capable of performing many malicious tasks.
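As an added illustration (not part of the original post), here is a defender-side check in Python that flags mail attachments which are Office Open XML containers carrying a VBA project, i.e. the macro-embedded Word documents described above. The file names and sample documents are constructed for the example; legacy binary .doc files are not covered.

```python
import io
import zipfile

# Zip entries whose presence marks an Office Open XML file as macro-enabled.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Content type declared for a VBA project part in [Content_Types].xml.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML container (docx/docm/xlsm...) with a VBA project.

    Legacy binary .doc/.xls (OLE2) files are not zip archives and are not
    inspected here; they would need an OLE parser such as olefile.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if any(part in names for part in MACRO_PARTS):
                return True
            # Fallback: the content-types manifest may declare a VBA part under another path.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        return False  # not an OOXML container at all
    return False


def triage_attachment(filename: str, data: bytes) -> str:
    """Return 'quarantine', 'review' or 'allow' for one mail attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    macro_ext = ext in {"docm", "dotm", "xlsm", "xltm", "pptm"}
    if has_vba_project(data):
        return "quarantine"  # macros present, whatever the extension claims
    if macro_ext:
        return "review"  # macro-enabled extension but no VBA found: unusual, look closer
    return "allow"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal, hypothetical OOXML Word container in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for name, flag in (("invoice.docx", False), ("invoice.docx", True), ("invoice.docm", False)):
        print(name, "->", triage_attachment(name, build_sample(flag)))
```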
The disruption of Emotet
Emotet thus posed a significant danger to the cybersecurity of many organizations and individuals on a global scale.
The operation, coordinated by Europol, took almost 2 years to map the Emotet servers in Europe and beyond.
Ukrainian authorities, furthermore, have arrested 2 individuals allegedly involved in maintaining the botnet’s infrastructure.
According to official sources, the estimated damage caused by Emotet reaches up to $2.5 billion.
The Dutch National Police has also released a tool to check for potential compromise. It is based on a dataset of 600,000 e-mail addresses, usernames, and passwords identified during the operation.
Finally, Emotet is to be wiped en masse from all infected devices on April 25th, 2021 at noon, by means of a software update.
This is very good news: cyberspace is now a safer place. However, we should never let our guard down.
The following is a list of suggestions on how to protect against this threat.
- Keep up to date. Keep yourself regularly informed about further developments concerning Emotet.
- Security updates. Install updates provided by manufacturers as quickly as possible to close possible security gaps. This applies to operating systems as well as all applications.
- Back up your data regularly.
- Finally, use strong passwords and, where possible, two-factor authentication.
In conclusion, do not forget to read our blog for the latest updates on cyber threats and cybersecurity!