Emotet: “King of malware” is disempowered

display

According to their own statements, an international investigative group has rendered the criminal software "Emotet" harmless.

The police authority Europol announced in The Hague that the global infrastructure on several hundred computers had first been brought under control and then destroyed.

The operation lasted more than two years.

It was carried out under German and Dutch leadership with investigators from eight countries.

The operation was coordinated by Europol and Eurojust.

With reference to ongoing investigations, Europol did not comment on possible arrests.

The software "Emotet" was used by criminals for so-called cyber attacks.

Hidden in an inconspicuous Word document, often disguised as a seemingly harmless attachment to an e-mail or as a link, it broke into computer networks and opened up the possibility of copying or blocking sensitive data.

The perpetrators blackmailed companies and authorities.

Many private computer users also fell into the Emotet trap.

In Germany alone, the Federal Criminal Police Office (BKA) in Wiesbaden recorded damage of 14.5 million euros.

Affected were, for example, the Berlin Court of Justice, the Frankfurt am Main city administration and the Fürth Clinic.

Multiple arrests in Ukraine

display

The Ukrainian public prosecutor said in Kiev that several people had been arrested there.

The total damage in the countries hit was put at 2.5 billion US dollars, the equivalent of around 2.1 billion euros.

In Germany, 17 servers were confiscated, as the BKA announced.

The investigators spoke of "a significant blow against internationally organized Internet crime and at the same time a significant improvement in cybersecurity in Germany".

Emotet has been one of the "most dangerous instruments for cyber attacks" in recent years, said a Europol spokeswoman.

It first appeared in 2014 as a so-called Trojan, malware that disguises itself as a useful file.

"The Emotet infrastructure basically worked like a first door opener in computer systems on a global level," said the authority.

"The system was able to infect entire networks in a unique way just by accessing a few devices."

display

As soon as the illegal access was successful, it was sold to cyber criminals.

These could in turn smuggle in their own Trojans, for example to gain access to bank data, to sell stolen data or to extort a ransom for blocked data.

The malware was hidden in fake invoices, delivery announcements or alleged information about Covid-19.

But if the user clicked on the link provided or opened the attachment, the malware installed itself and spread very quickly.

Regarding the smashing of the Emotet infrastructure, Arne Schönbohm, President of the BSI (Federal Office for Information Security) in Bonn said: “Almost three years ago it was the BSI that had called Emotet the“ King of malware ”.

Since then, we have repeatedly warned of the danger posed by Emotet and pointed out the sometimes considerable consequences for companies, authorities, institutions and, last but not least, also for the citizens. "Tens of thousands of private individuals' computers were infected with Emotet, with the result that that online banking has been manipulated or passwords have been spied on.

The BSI has started to inform the affected users together with providers in Germany so that they can clean up their infected computers and laptops.