Emotet botnet goes offline as cops seize servers - Comment from Webroot, an OpenText company
January 2021 by Webroot
The Emotet botnet, one of the most widespread and dangerous cyber threats in operation today, has been forced offline in an international law enforcement operation by police on both sides of the Atlantic. Europol, the FBI, the UK’s National Crime Agency and others coordinated action, resulting in investigators taking control of the infrastructure controlling Emotet in one of the most significant disruptions of cyber-criminal operations in recent years.
Kelvin Murray, Senior Threat Research Analyst at Webroot
"Botnets have been one of the most common malware deployment methods over the past decade, and Emotet, in particular, has been instrumental in spreading ransomware as a secondary payload, so we welcome the action taken by law enforcement agencies to knock it offline.
However, given the distributed nature of Emotet and the legal impunity that its masters have operated with for years, it is doubtful that this operation will end it entirely. However, it will make this huge criminal enterprise more complicated and expensive to run and help strengthen the cross-border co-operation desperately needed in the fight against cybercrime.
The evolution and volume of attack types emitting from botnets have been significant over recent years, and it’s likely we’ll continue to see others emerge in the future due to the scale of infection they can achieve and the financial rewards gained from them. The UK’s National Crime Agency reported seeing over $10.5M moved by the group behind Emotet over a two-year period on just one Virtual Currency platform. Investigators were able to identify that almost $500,000 had been spent by the group over the same period to maintain its criminal infrastructure, highlighting the size and scale of the operation.
To protect against future botnet threats, organisations should ensure they have strong, reputable cybersecurity software in place that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple types of attacks at different stages of the attack cycle. They should also run regular security awareness and phishing simulations to ensure end-users know how to spot suspicious messages and threats."