One of the most dangerous global hacking networks has been taken down in an international sting, leading to multiple arrests. The sophisticated malware known as Emotet has been wreaking havoc on the internet for years, stealing data and installing crippling ransomware. The financial damage has been significant, soaring into the billions of dollars. Since at least 2014, nations including the Netherlands, Germany, France, Ukraine, and the United States have been chasing this network.
The alleged criminals had been impossible to catch, eluding capture by physically moving their servers from place to place to avoid detection. And these command-and-control servers weren't just physical. "The group hosted over 700 servers, designed to be disposable and resilient, all across the world, including nearly half here in the United States," says Peter Pokorny, SysAdmin at Twinstate Technologies.
Then, in a coordinated effort on Tuesday morning, teams on the ground around the world physically grabbed the servers and took control of the network. A video of the raid from Ukrainian authorities shows officers capturing computer equipment along with bars of gold and piles of cash from the alleged operators.
If you haven't heard about Emotet before, you can think of it as an app store for criminals. It was a way to buy the sort of malware that infects your phone or laptop through attachments you might get in an email and then steals credit card information and social security numbers, or simply holds a system for ransom.
"Emotet was originally a banking trojan but slowly evolved into this Malware-as-a-Service model. This meant that the malware operated as a loader for other malware. For example, TrickBot and Ryuk both utilized active Emotet infections to distribute themselves."
- Peter Pokorny | System Administrator, Twinstate Technologies
"Emotet malware doesn't discriminate and it will target every sector in every industry. So if you are a hospital you will be targeted, potentially, with Emotet. If you're a school district, like what brought us into this investigation, you'll be targeted by Emotet. It's one where they will target any opportunity that they can."
- Jessica Nye | Supervisor, FBI Cyber Squad, Raleigh, NC
Authorities estimate that the network was responsible for billions in cyber crime and that each infected system cost up to a million dollars to repair or replace.

What happens next?
Email continues to be the number one vector of choice for delivering malware. If you're concerned about malicious attachments and email-based threats, you may want to investigate email security software. For a few dollars a month, a cloud-based email security subscription will dissect incoming attachments for signs of malware and inspect embedded URLs to ensure they do not point to an infected domain. Emails found to be malicious can be quarantined before they ever reach the perimeter of your network, let alone your inbox, making such a service a critical layer in your network security.
While there are certainly reasons to celebrate the Emotet takedown, there remain enough variants of it in the wild that someone could spawn a new version of Emotet within the year. Security and vigilance remain essential. If you think a network security assessment would be good for your organization, we have risk assessment options for you.