Law enforcement and judicial authorities across Europe and beyond have disrupted Emotet, a notorious malware strain that compromised organizations worldwide over several years. In the internationally coordinated action, dubbed “Operation Ladybird,” investigators took control of the infrastructure behind the Emotet botnet.
The operation was a collaborative effort between authorities in the Netherlands, Germany, the U.S., the U.K., France, Lithuania, Canada, and Ukraine, together with Europol, and was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
Emotet was linked to various other botnet-based cyber campaigns: its operators rented the botnet to other cybercriminal groups and used it to deliver payloads such as the TrickBot banking Trojan and Ryuk ransomware. Industry experts said the action would help the many organizations, and the more than one million Microsoft Windows systems, compromised by Emotet.
“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure. This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime,” Europol said.
The Emotet operators distributed the malware mainly through malicious email attachments, using a variety of phishing lures to trick recipients into opening them. The attachments were typically Word documents carrying malicious macros; alternatively, the email body or the attachment contained a link to download such a document. Once the user opens the document and enables macros, the macro code hidden in the Word file runs, downloads Emotet, and installs it on the victim’s device.
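The delivery chain above (a phishing email carrying an Office document with an embedded VBA project) is something a mail gateway or incident responder can check for directly. The following is an added example, not code from the original article or from any of the agencies it cites: it builds a constructed sample email with a macro-enabled Word attachment in memory, then scans the message for Office attachments and flags those that contain a VBA project. The OOXML check is exact (macros live in a `vbaProject.bin` part inside the zip container); the check for legacy binary `.doc`/`.xls` files is a byte-level heuristic, not a full OLE parser, and is labelled as such. All file names, addresses and contents are made up for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Office extensions that Emotet-style lures commonly arrive as (assumption for the example)
OFFICE_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm", ".xls", ".xlsm")

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file (legacy .doc/.xls) signature


def build_sample_package(with_macros: bool) -> bytes:
    """Construct a minimal OOXML (docm/docx) zip package in memory.

    This is a constructed stand-in for a Word attachment, not a real Emotet document.
    When with_macros is True the package carries a word/vbaProject.bin part, which is
    where Word stores an embedded VBA project.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # A real vbaProject.bin is itself an OLE container; the magic bytes suffice here.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
    return buf.getvalue()


def build_sample_eml(attachment_name: str, payload: bytes) -> bytes:
    """Construct a phishing-style email with one attached document (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.invalid"
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Invoice overdue - action required"
    msg.set_content("Please review the attached invoice and enable editing to view it.")
    msg.add_attachment(
        payload,
        maintype="application",
        subtype="vnd.ms-word.document.macroEnabled.12",
        filename=attachment_name,
    )
    return msg.as_bytes()


def has_vba_project(data: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA macro project."""
    if data[:2] == b"PK":
        # OOXML: the package is a zip; macros are stored as word/vbaProject.bin or xl/vbaProject.bin
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data[:8] == OLE_MAGIC:
        # Legacy binary format: heuristic only. OLE directory entry names are UTF-16LE,
        # so the VBA project storage name shows up as this byte pattern. A proper
        # parser (e.g. olefile/oletools) should be used in production.
        return "_VBA_PROJECT".encode("utf-16-le") in data
    return False


def scan_eml(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and report every Office attachment with a macro verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(OFFICE_EXTS):
            continue
        data = part.get_payload(decode=True) or b""
        findings.append({"filename": name, "has_macros": has_vba_project(data)})
    return findings


if __name__ == "__main__":
    lure = build_sample_eml("invoice_4471.docm", build_sample_package(with_macros=True))
    for finding in scan_eml(lure):
        verdict = "MACROS PRESENT - quarantine" if finding["has_macros"] else "no macros"
        print(f"{finding['filename']}: {verdict}")
```

A gateway rule built on this would quarantine any inbound Office attachment whose `has_macros` verdict is true rather than relying on users to decline the "Enable Content" prompt; the scan itself never executes the document, so it is safe to run on untrusted input.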
“Emotet was much more than just a malware. What made EMOTET so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim’s computer. This type of attack is called a ‘loader’ operation, and Emotet is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it. Its unique way of infecting networks by spreading the threat laterally after gaining access to just a few devices in the network made it one of the most resilient malware in the wild,” Europol added.