The joint effort is an encouraging step in the right direction, but new malware families are likely to take its place.
We have all heard of Emotet, the malware and banking trojan often called one of the most significant botnets of the past 10 years. Last week, Europol and Eurojust announced that they had dismantled the whole infrastructure behind the Emotet malware from the inside, after gaining control of its servers.
Europol explained that the infrastructure involved several hundred servers located globally, each with a different function: managing the computers of infected victims, spreading to new ones, serving other criminal groups, and ultimately making the network more resilient against takedown attempts.
Two individuals have also been arrested by Ukrainian police on suspicion of maintaining Emotet's back end. Other members behind the malware are currently being hunted down.
Does this spell the end of Emotet? According to Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky: “This is possibly one of the most important recent botnet takedowns, mostly because of the physical action against the cybercriminals running Emotet. In my opinion, the coordinated move from multiple law enforcement agencies against their network infrastructure will have a significant impact on Emotet’s ability to operate during the next months. With Emotet out of the cybercriminal ecosystem, it remains to be seen if their place will be taken by another group, or if they will be able to orchestrate a comeback, be it either as Emotet or perhaps as a merger with another group and continue from there.”
Last but not least, Raiu said that since Emotet was renting its infrastructure to other cybercriminal groups, pushing malware such as Trickbot, the takedown should also affect other cybercriminal groups’ ability to maintain and grow their botnets. “The Emotet takedown will probably affect multiple cybercriminal groups and their operations beyond Emotet themselves.”