Police in six European countries, as well as Canada and the US, completed a joint operation to take control of Internet servers used to run and control the malware network.
International police have disrupted the "world's most dangerous" cybercrime service used to break into computer systems, law agencies announced.
The illicit service called EMOTET was operated as a so-called botnet, software that infects a network of computers and allows them to be remotely controlled, Europol and its judicial sister agency Eurojust said on Wednesday.
Police based in Britain, Canada, Germany, Lithuania, the Netherlands, Ukraine and the United States teamed together to infiltrate EMOTET's infrastructure.
Describing it as the "world's most dangerous malware," Europol said in a statement that "law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET."
The network involved several hundred servers around the world that were used to "manage the computers of the infected victims, to spread to new ones, to serve other criminal groups," Europol said.
"Investigators have now taken control of its infrastructure in an international coordinated action," it said.
"The smashing of the Emotet infrastructure is a significant blow against international organised Internet crime," Germany's BKA federal police agency also said in a statement.
🤔How did Emotet infect its unsuspecting victims? pic.twitter.com/zx5ZBWql4j— Europol (@Europol) January 27, 2021
Door for malicious software
What made EMOTET especially dangerous was the fact that it was offered for hire to other "top level" criminals, who then used this "door opener" to install other types of malware, Europol said.
This included infamous banking "Trojans" which steal bank details and credentials, and ransomware that locks files and systems and holds them for ransom for large sums of money.
Criminals used email attachments to trick unsuspecting victims into opening the mails, making them look like invoices, shipping notices and information about Covid-19.
All these emails contained malicious Word documents, either attached to the email or downloadable by clicking on a link within the mail.
Once a user opened one of these documents, they were prompted to "enable macros" so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim's computer.
Using our international reach, the NCA will continue to work with partners to identify those behind #Emotet and bring them to justice.— National Crime Agency (NCA) (@NCA_UK) January 27, 2021
Security experts say Emotet's operators often sell access to victims' computers to other hackers, using a "malware-as-a-service" business model that has made them one of the world's most prolific and damaging cybercrime groups.
"EMOTET was one of the biggest vectors of corporate infection in ransomware and data theft attacks," Gerome Billois, Paris-based cybersecurity expert for the consultancy Wavestone, told AFP.
The police action "shows that it is possible to stop cyber-criminals," Billois added.
German police said infections with EMOTET had caused at least $17.56 million (14.5 million euros) of damage in their country. Globally, Emotet-linked damages cost about $2.5 billion, Ukrainian authorities said.
Ukraine's General Prosecutor said police had carried out raids in the eastern city of Kharkiv to seize computers used by the hackers. Authorities released photos showing piles of bank cards, cash and a room festooned with tangled computer equipment, but did not say if any arrests were made.