Cyber cops in 9 nations team up to disrupt dangerous malware
Law enforcement authorities in several countries have joined forces to disrupt what they call one of the world’s most dangerous pieces of malware, one that allowed criminal gangs to install ransomware and steal data from computer users
THE HAGUE, Netherlands — Law enforcement authorities in several countries have joined forces to disrupt what they call one of the world’s most dangerous pieces of malware, one that allowed criminal gangs to install ransomware and steal data from computer users.
European Union police and judicial agencies Europol and Eurojust said Wednesday that investigators took control of infrastructure behind a botnet called EMOTET. A botnet is a network of hijacked computers used to carry out cyberattacks.
Authorities in the Netherlands, Germany, the United States, the U.K., France, Lithuania, Canada and Ukraine took part in the international operation coordinated by the two Hague-based agencies.
Dutch prosecutors said the malware was first discovered in 2014 and “evolved into the go-to solution for cybercriminals over the years. The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale.”
The Dutch prosecutors said two of the main servers for the infrastructure were based in the Netherlands and a third in another undisclosed country. The national prosecutor’s office said the damage caused by EMOTET runs into the hundreds of millions of euros (dollars).
The malicious software was delivered to computers in infected email attachments containing Word documents.
“A variety of different lures were used to trick unsuspecting users into opening these malicious attachments,” Dutch prosecutors said in a statement. “In the past, EMOTET email campaigns have also been presented as invoices, shipping notices and information about COVID-19.”
Europol said law enforcement agencies teamed up to take down the criminal infrastructure from the inside.
“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure,” the agency said. “This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.”
The operation was not the first time that cybercrime fighters have infiltrated illicit computer operations, In 2017, police shut down the world’s leading “darknet” marketplace — then Dutch police quietly seized a second bazaar to amass intelligence on illicit drug merchants and buyers.