At the end of January, police and judicial authorities from Germany, the United States, the United Kingdom, France, the Netherlands, Lithuania, Canada and Ukraine announced the dismantling Emotet, the one they described as "malware most dangerous in the world ". The infrastructure used by this threat came under the control of the police forces.
It is expected that this international operation coordinated by Europol and Eurojust, explains Adolf Streda, analyst at malware from Avast we talked to about this performance, "End the story of one of the malwares most dangerous and adaptable there is ". So far, it has been one of the largest and most effective global infrastructure dismantling operations of this type to date.
"The dismantling of Emotet is a very important milestone in the fight against cybercrime"
At the moment, tools like this search engine allow know if Emotet has affected us in any way and, as explained by some of the police forces participating in the action, a software update has been placed on the central Dutch servers of this network of bots for all infected computer systems. "Hopefully this will eliminate any malware that the Emotet group may have on infected computers, "says Streda.
6 years of cybercrime
"The dismantling of Emotet is a very important milestone in the fight against cybercrime", highlights the Avast specialist. And it is not exaggerating, especially if we consider the nature of this malicious program.
A kind of Swiss army knife for cybercrime with multiple possibilities and available to the highest bidders. It served to steal passwords, steal money from bank accounts, or add the victims' devices to the networks of bots to, in this way, launch more campaigns of phishing and increase your capabilities. And that's how it has worked for six years.
"One of the things that has made the Emotet group so remarkable is how they professionalized their illegal business."
"Emotet started as a banking trojan in 2014 under the control of a group known as TA542, Mealybug and MUMMY SPIDER, "Adolf Streda tells us." Over time, the group changed malware and tactics and became better known by the name of Emotet. One of the things that has made the Emotet group so remarkable is how they professionalized their illegal business. "
This professionalization, as we explained earlier in Genbeta, consisted of leasing the infrastructure to third-party cybercriminals. Criminal groups, many of them high-level according to the police authorities. It was a reliable and professional solution for accessing computer systems around the world through a back door.
All of this happened three years after he was born, in 2017. It was a step toward professionalization, Streda tells us, "which reminds me of Bill Gates's note on the internet gold rush when he said: 'people who sell pans to search engines will often do better than search engines themselves'".
"Seeing the dismantling of this malware by the competent authorities is very positive news for the world of cybersecurity"
One year later, in 2018, your abilities to send spam increased substantially. "In September, they were delivering more than half a million spam messages in a single day. By October, they more than doubled this capacity, delivering more than a million spam messages in a day," recalls the analyst.
Those responsible for Emotet, in the end, practically functioned as a company. As a good company capable of adapting to the demands of its customers and the market situation. This is how in recent times their business model, their payloads of malware, delivery methods and their baits. "For example, in 2020, the Emotet group took advantage of many hooks around Covid-19 to arouse global fears around the pandemic," says the Avast researcher. And they weren't the only ones, as we know.
The chances that those responsible for Emotet - who apparently have not been arrested - will try to regroup and rebuild are high, he believes greater, considers analyst Adolf Streda
"Seeing the dismantling of this malware by the competent authorities is very positive news for the world of cybersecurity considering its wide scope and the large number of families of malware recognized attributed to its infrastructure, "says Streda, who trusts that the action of the authorities means that the botnet Emotet has ceased to exist as we know it.
However, what we highlighted at the end of January, when the news broke, stands out: none of the information provided by the police has mentioned charges or arrests. This opens the possibility that those responsible are free and try to rebuild their once empire. "We have perceived a high degree of adaptability in this group, which makes the chances that they will try to regroup and rebuild are greater than with other groups eliminated in the past," he concludes.