Credit: Bank Info Security

The world will no longer have to worry about the world’s most destructive malware soon.

Law enforcement officials disrupted and took over the EMOTET bot network (botnet), in a coordinated takedown on 28 January 2021, Deutsche Welle (DW) reported.

A coalition of law enforcement officials from various western countries was able to takedown the EMOTET botnet after a two-year investigation of the malware. German and Dutch law enforcement officials mostly led the operation that took down the EMOTET botnet. 

Dutch law enforcement officials are also working on delivering an update to remove the EMOTET malware from every infected computer in the world, according to a ZDNet report.

The office of Europol in The Netherlands
Credit: Europol

Dutch officials located two of the three primary command-and-control (C&C) servers used to manage the EMOTET botnet in their borders. 

The update contains a time-bomb like code that will automatically uninstall EMOTET malware at midnight on 25 March 2021, according to the computer’s local time. 

The update will be sent through the captured C&C servers so that only infected computers will get the update.

Binary Defense senior director Randy Pargman said that the update will also reboot EMOTET’s botnet and urged companies to investigate internal networks for breaches before the update on 25 March. Afterwards, it will be difficult to carry out such investigations.

A video of Ukrainian police raiding two people alleged to be operating the EMOTET botnet.
Credit: National Police of Ukraine (Національна поліція України )

Ukrainian police have also arrested two people who they believe were keeping the EMOTET botnet up and running. 

The EMOTET botnet, according to Europol, first started as a banking trojan in 2014. It then evolved into cybercriminals’ “door opener” to infected computers to illegally acquire data to sell to criminal organisations or extort money from victims.

The malware is usually acquired through an email with a word document attachment containing fake invoices or false information about COVID-19. 

A prompt to “enable macros” will appear after opening the files. Once accepted, the malicious code hidden in the word document will install EMOTET malware on a victim’s computer.

Europol’s infographic on the EMOTET botnet
Credit: Europol

BBC reported that Dmitry Smilyanets from Recorded Future said that the EMOTET creator and his supporters are unlikely to rebuild the network even if they remain at large. “A working botnet is a very complicated and gentle system,” Dmitry said. “If more than half of the infrastructure is not working, it’s safe to say bye-bye.”

They could either retire in peace with their ill-gotten gains or start a new criminal adventure.

Europol mentioned that a combination of both updated antivirus and operating systems, as well as cybersecurity awareness, is essential to avoid falling victim to botnets like EMOTET. 

You can check if your email address is among the email addresses compromised by EMOTET at this link here.  


Written by John Paul Joaquin