Emotet malware “disrupted” after global investigation

ByCraig Haley

For the last handful of years, a type of malware known as Emotet has emerged as the most dangerous and prolific malware cyber threat facing Internet users and businesses.

But this particular threat took a massive hit this week after a global investigation from agencies in several countries and coordinated by Europol managed to take control of many of the servers and that had been used by the crooks to launch Emotet attacks on individuals and businesses around the globe.

What is Emotet?

Emotet isn’t a specific strain of malware. It’s perhaps more accurately described as a botnet, meaning its priority is infecting and controlling infected devices, as opposed to being associated with any specific type of attack (like encrypting important files or spying on activity.) Emotet is considered polymorphic, meaning it can make subtle changes to itself each time it loads up, making it difficult for antivirus software to detect immediately.

Because Emotet focuses on gaining and maintaining access to an infected device, the crooks behind it have used it as a de facto “for hire” service. This means a device infected with Emotet will likely be subsequently infected with additional malware payloads (such as keyloggers or ransomware) as access to the infected device is sold off to more criminals enterprises.


Sponsored Content. Continued below...




In many ways, Emotet is like the thief that cracks open the safe. But instead of pocketing the treasures that lie within for themselves, Emotet typically hired out its safe cracking services to other crooks who then bagged what’s inside. Naturally Emotet took a substantial cut, or a lucrative flat fee pay off.

Emotet would infect devices primarily through booby trapped email attachments, attached to emails that use a variety of social engineering tricks to lure a recipient into opening them. Once infected, Emotet took control of that device, and would sell access to it – along with countless other infected devices – to other cyber crooks. Often organised criminal networks.

And these criminals would often use the access that Emotet provided to further infect devices with more malware. Perhaps most popularly ransomware, including the Ryuk and Conti ransomware strains. (Ransomware encrypted personal files on a computer and demands the victim pay a ransom to get a decryption key to get them back.)

However, it’s likely that Emotet attacks are, for the time being, to become significantly less popular as many of the resources used by the network of crooks behind Emotet have been seized by authorities. This includes servers responsible with a variety of tasks including infecting new devices, managing existing infected devices, managing the malware’s “for service” capabilities and helping prevent the malware from being taken down.

Europol notes on its website that the global action taken against the cyber crooks included authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine.

Despite the action taken against Emotet, Internet users should still be aware that this is not likely to be the last we’ve heard of the botnet. The malware itself still exists, and it’s inevitable that many of the crooks involves with it will try and rebuild their seized infrastructure.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)