Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
2021-01-27 18:04

UPDATE. The virulent malware known as Emotet - one of the most prolific malware strains globally - has been dealt a blow thanks to a takedown by an international law-enforcement consortium.

"One of the things that makes Emotet so dangerous is that Emotet opens the door to other types of malware, as it were. Large criminal groups were given access to some of those systems for payment to install their own malware. Concrete examples of this are the financial malware Trickbot and the ransomware Ryuk."

An announcement from Europol added, "The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts."

Criminal investigations are continuing globally in an effort to track down the individuals responsible for the Emotet scourge, according to Europol.

"Certainly the people who operated Emotet, as well as the developers of it, will find a way to recover remnants of it and repurpose it into a new version. While the name Emotet may no longer be used, we should assume core pieces will live on through other tools and methods. There is a lot that we know about Emotet and we can apply those learnings for future defense, ideally providing earlier detection/prevention."

"With the help of such back-ups, the perpetrators can be operational again relatively quickly if their criminal infrastructure is taken down. The police hope that this operation will make a possible reconstruction of Emotet seriously difficult."


News URL

https://threatpost.com/emotet-takedown-infrastructure-netwalker-offline/163389/