05-25-2021 , 06:53 AM
https://www.pandasecurity.com/en/mediace...ack=180715
Destroying a botnet
May 24, 2021 2 minute read
We all know what a police raid looks like. Kicking down doors, flash grenades, shouting, noise and chaos as the police lead their suspects away in handcuffs.
At least that’s how TV shows it.
But when police went into action to break up a global cybercrime network, events were quite different.
A truly global botnet
Since 2017, organisations across the world have been falling victim to a string of malware and ransomware attacks launched from a botnet called Emotet. Over the years, Emotet was responsible for causing hundreds of millions of dollars' worth of damage to businesses targeted by malware.
According to statistics compiled by the FBI, each Emotet incident cost approximately $1 million for the affected organisation. Little surprise that it was described as “one of the top cyber threats in the world.”
Between April 1st 2020 and January 17th 2021, approximately 1.6 million computers were infected by Emotet worldwide.
US law enforcement cybersecurity specialists analysed the malware to identify where it was being controlled from. It was clear that the botnet was being operated from outside the US, so the FBI made contact with other law enforcement bodies to establish a coordinated response. Officials from Canada, France, Germany, Lithuania, the Netherlands, Sweden and Ukraine joined forces to dismantle the criminals’ network.
Working together, the taskforce was able to take down hundreds of infected web servers that were controlling Emotet and helping to spread malware. More than 50 countries were involved in smashing the distribution system and taking control of the botnet.
Once they had control of the network, the taskforce turned Emotet against itself. Where the botnet had been used to control infected machines and download new malware, it was now used to deliver a new update created by the FBI. Although it could not remove malware, the patch prevents infected computers from connecting to the Emotet botnet, effectively breaking the hackers’ control.
Emotet is gone, but there’s still work to do
During the course of the investigation, Dutch police discovered a database containing more than 3.6 million accounts, including e-mail addresses, usernames and passwords that had been stolen by the Emotet botnet. This information will have been used by scammers to commit other crimes like identity theft and fraud.
The Dutch National Police have launched a website where you can check if your accounts have been compromised here. Scroll to the bottom of the page for instructions in English.
It is also important to realise that although the Emotet botnet has been smashed, affected computers will still be infected with malware. It is absolutely crucial that you check your computer and remove viruses, trojans and other malicious software to protect your personal data.