display

Den Haag / Wiesbaden (dpa) - According to Europol, international investigators have switched off one of the world's most dangerous cyberware networks.

Europol announced on Wednesday in The Hague that the infrastructure of the Emotet system, which is mainly used by organized crime, is under control.

Investigators from eight countries were involved in the mission, which lasted more than two years under German and Dutch leadership.

The operation was coordinated by Europol and Eurojust.

With reference to ongoing investigations, Europol did not comment on possible arrests.

The Ukrainian public prosecutor said in Kiev that several people had been arrested there.

The total damage in the countries hit was put at 2.5 billion US dollars.

In Germany, 17 servers were confiscated, as the Federal Criminal Police Office (BKA) in Wiesbaden announced.

According to the BKA, damage amounting to at least 14.5 million euros had been caused in Germany alone.

The investigators spoke of "a significant blow against internationally organized Internet crime and at the same time a significant improvement in cybersecurity in Germany".

display

Emotet was one of the “most dangerous instruments for cyber attacks” in recent years, said a Europol spokeswoman.

It first appeared in 2014 as a so-called Trojan.

"The Emotet infrastructure basically worked like a first door opener in computer systems on a global level," said the authority.

"The system was able to infect entire networks in a unique way just by accessing a few devices."

In Germany, in addition to the computers of tens of thousands of private individuals, many IT systems of companies, authorities and institutions were infected.

According to the BKA, this included the Fürth Clinic, the Berlin Court of Appeal, the Federal Agency for Real Estate and the City of Frankfurt am Main.

The system was broken into via a Word document, often disguised as a seemingly harmless attachment to an email or as a link, as Europol described.

As soon as the illegal access was successful, it was sold to cyber criminals.

These could in turn smuggle in their own Trojans, for example to gain access to bank data, to sell stolen data or to extort a ransom for blocked data.

display

The malware was hidden in fake invoices, delivery announcements or alleged information about Covid-19.

But if the user clicked on the link provided or opened the attachment, the malware installed itself and spread very quickly.

© dpa-infocom, dpa: 210127-99-193196 / 2

Europol