Smash Emotet: The King of Malware Dethroned

Arne Schönbohm, President of the Federal Office for Information Security (BSI), spoke about the Emotet blackmail trojan in 2019 and called it the “king of malware”. Now this king has been dethroned: investigators have succeeded in gaining control over the infrastructure of the Emotet Trojan. In today's post, we report on this welcome investigative success, look at Emotet's victims, and venture a look at the future of the pest.

Emotet Switched Off

As the European police agency Europol and the Federal Criminal Police Office (BKA) announced, international investigators succeeded on January 26th in smashing the infrastructure behind Emotet, one of the world's most dangerous malware networks. Investigators from eight countries, under German and Dutch leadership, had been working on the case for over two years; Emotet first appeared in 2014.


A Europol spokeswoman called Emotet one of the “most dangerous tools for cyberattacks. [...] The Emotet infrastructure basically functioned as a first door opener in computer systems on a global level. The system was able to infect entire networks uniquely just by accessing a few devices,” the agency said.


In a press release, the BSI is also enthusiastic about the investigators' success. BSI President Schönbohm explains: “Almost three years ago it was the BSI that described Emotet as the 'king of malware'. Since then, we have repeatedly warned of the danger posed by Emotet and pointed out the sometimes considerable consequences for companies, authorities, institutions, and, last but not least, for the citizens. The list of victims is long: hospitals had to cease their medical operations, courts and city administrations were paralyzed, and countless companies had no access to their important business data and digital processes. Tens of thousands of private individuals' computers were also infected with Emotet, with the result that online banking was manipulated or passwords were spied on.”


The BSI is now responsible for forwarding the IP address information of the affected connections, as determined during the preservation of evidence, to the relevant network operators. The providers, for their part, are required to inform their affected customers about Emotet infections. The BSI provides information on its website about how affected IT systems can be disinfected.

Emotet: Investigations Are Ongoing

According to the BKA, 17 servers have so far been confiscated in Germany. The authority is currently silent about possible arrests; the investigations are still ongoing. Numerous computers are still infected with Emotet, and their owners often don't know about it. However, as already mentioned, the BSI and the providers will work together to inform the Emotet victims. The first steps have already been taken:


As the BKA explained, "by taking control of the Emotet infrastructure [...] it is possible to make the malware on affected German victim systems unusable for the perpetrators." For this, the malware was "moved to quarantine on the victim systems." The BKA added: "Not only private individuals, but also and especially companies should now use the time to check the IT security of their own systems and adjust them if necessary."

The Infrastructure Is Destroyed, but What About the Perpetrators?

The investigators have undoubtedly achieved a huge success: Emotet has been neutralized for the time being. However, the perpetrators behind Emotet have not been caught. Their cybercrime activities have brought these backers big profits, so it is just as possible that they will retire as that they will rebuild the infrastructure.


No matter what the perpetrators decide, one thing is clear: wherever and whenever cybercriminals can profit from mass infections, for example by reselling data or extorting ransom with blackmail trojans, such cybercrime will continue to exist. Emotet itself did not encrypt any data; it downloaded additional malware that then took over. At the moment there is no evidence that the keys for already encrypted content could have been obtained.


Thanks to the commitment of the investigative authorities, Emotet itself can no longer cause any damage. However, the Trojans it downloaded remain active and extremely dangerous. The police intend to counter this with two measures. First, via its integrated update function, Emotet now only communicates with control servers operated by the police. Second, a new function named `uninstall_emotet()` was discovered: it is currently being delivered to infected computers by the Emotet servers and is scheduled to run on April 25th. This uninstallation could be the “move to quarantine” referred to by the BKA.

Emotet & Co.: Stay Vigilant!

What the investigative authorities have achieved is great news! Nonetheless, two points are still missing: the backers have not been captured, and the victim systems have not yet been cleaned. Although the BSI and the providers send out warnings, it seems questionable whether all victims can, or will, react accordingly. It is important to remain vigilant, because the cybercriminals will either return themselves or quickly find imitators.


If you have been a victim of malware, you already know the consequences of a malware attack. So before the mistake repeats itself, trust advanced antivirus software to keep your data protected from 

