International police have disrupted the “world’s most dangerous” cybercrime service used to break into computer systems, law agencies announced on Wednesday.
The illicit service called EMOTET was operated as a so-called botnet, software that infects a network of computers and allows them to be remotely controlled, Europol and its judicial sister agency Eurojust said.
Police based in Britain, Canada, Germany, Lithuania, the Netherlands, Ukraine and the United States teamed together to infiltrate EMOTET’s infrastructure.
Describing it as the “world’s most dangerous malware”, Europol said in a statement that “law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET.”
The network involved several hundred servers around the world that were used to “manage the computers of the infected victims, to spread to new ones, to serve other criminal groups,” Europol said.
“Investigators have now taken control of its infrastructure in an international coordinated action,” it said.
What made EMOTET especially dangerous was the fact that it was offered for hire to other “top level” criminals, who then used this “door opener” to install other types of malware, Europol said.
This included infamous banking “Trojans” which steal bank details and credentials, and ransomware that locks files and systems and holds them for ransom for large sums of money.
Criminals used email attachments to trick unsuspecting victims into opening the mails, making them look like invoices, shipping notices and information about Covid-19.
All these emails contained malicious Word documents, either attached to the email or downloadable by clicking on a link within the mail.
Once a user opened one of these documents, they were prompted to “enable macros” so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim’s computer.
“EMOTET was one of the biggest vectors of corporate infection in ransomware and data theft attacks,” Gerome Billois, Paris-based cybersecurity expert for the consultancy Wavestone, told AFP.
The police action “shows that it is possible to stop cyber-criminals”, Billois added.