EMOTET Has Been One Of The Most Professional And Long-Lasting CybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Services Out There

First discovered as a banking TrojanTrojan Software that's hidden within apparently harmless data — or masquerades as a regular program — and when activated, can deliver such blows as corrupting data on your hard drive or sending files and account information to hackers. Unlike viruses and worms, Trojans do not self-replicate and spread to other computers. VirusVirus A computer program that can replicate itself and spread from computer to computer or file to file. It comes to life only when you take a specific action, such as running a particular program. in 2014, the malware evolved into the go-to solution for cybercriminals over the years!

This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine, with international activity coordinated by EuropolEuropol The European Union Agency for Law Enforcement Cooperation, better known under the name Europol, formerly the European Police Office and Europol Drugs Unit, is the law enforcement agency of the European Union (EU) formed in 1998 to handle criminal intelligence and combat serious international organized crime and terrorism through cooperation between competent authorities of EU member states. The Agency has no executive powers, and its officials are not entitled to arrest suspects or act without prior approval from authorities in the member states. Based in The Hague, it comprised 1,065 staff as of 2016. WEBSITE LINK and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale.

Once this unauthorized access was established, these were sold to other top-level criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. groups to deploy further illicitillicit Illicit means something that is not legally permitted or authorized under the law; unlicensed; unlawful. It can also mean disapproved of or not permitted for moral or ethical reasons. activities such data theft and extortion through ransomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction..

SPREAD VIA WORD DOCUMENTS

The EMOTET group managed to take email as an attack vector to the next level. Through a fully automated process, EMOTET malware was delivered to the victims’ computers via infected e-mail attachments.  A variety of different lures were used to trick unsuspecting users into opening these malicious attachments. In the past, EMOTET email campaigns have also been presented as invoices, shipping notices, and information about COVID-19.

All these emails contained malicious Word documents, either attached to the email itself or downloadable by clicking on a link within the email itself. Once a user opened one of these documents, they could be prompted to “enable macros” so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim’s computer.

ATTACKS FOR HIRE

EMOTET was much more than just malware. What made EMOTET so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim’s computer.

This type of attack is called a ‘loader’ operation, and EMOTET is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it.

Its unique way of infecting networks by spreading the threat laterally after gaining access to just a few devices in the network made it one of the most resilient malware in the wild.

Disruption of EMOTET’s Infrastructure

The infrastructure that was used by EMOTET involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts.

To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week’s action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside. The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.  This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.

How To Protect Oneself Against Loaders

Many botnets like EMOTET are polymorphic in nature. This means that the malware changes its code each time it is called up. Since many antivirus programs scan the computer for known malware codes, a code change may cause difficulties for its detection, allowing the infection to go initially undetected.

A combination of both updated cybersecurity tools (antivirus and operating systems) and cybersecurity awareness is essential to avoid falling victim to sophisticated botnets like EMOTET. Users should carefully check their email and avoid opening messages and especially attachments from unknown senders. If a message seems too good to be true, it likely is and emails that implore a sense of urgency should be avoided at all costs.

As part of the criminal investigation conducted by the Dutch National Police into EMOTET, a database containing e-mail addresses, usernames and passwords stolen by EMOTET was discovered. You can check if your e-mail address has been compromised.  As part of the global remediation strategy, in order to initiate the notification of those affected and the cleaning up of the systems, information was distributed worldwide via the network of so-called Computer Emergency Response Teams (CERTs).

The Future

While this and other malware & cyber threats have not gone away forever, actions like this make us safer, but we must always be on our guard – every minute of the day! Cybercriminals never give up and they are after your data, your identity, and your money!

We recommend that you always have a malware security solution installed on your devices – SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. suggests Malware Bytes

We also recommend that everyone learn the basics of cybersecurity. We suggest that you visit our SCARS Partner www.Wizer-Training.com for their free Cybersecurity training, plus use our free cybersecurity training here:

• Free Cybersecurity Awareness Training [Presentation / Slideshow] – SCARS™ Training
• Cybersecurity for Small Businesses – SCARS™ Guide
• Scams And Your Small Business – SCARS™ Guide
• Las Estafas y Su Pequeño Negocio – Información de SCARS|LATINOAMERICA™

Make Sure You Check

You can check if your e-mail address has been compromised here

The following Law Enforcement authorities took part in this operation:

• Europe: Europol
• Netherlands: National Police (Politie), National Public Prosecution Office (Landelijk Parket)
• Germany: Federal Criminal Police (Bundeskriminalamt), General Public Prosecutor’s Office Frankfurt/Main (Generalstaatsanwaltschaft)
• France: National Police (Police Nationale), Judicial Court of Paris (Tribunal Judiciaire de Paris)
• Lithuania: Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras), Prosecutor’s General’s Office of Lithuania
• Canada: Royal Canadian Mounted PoliceRCMP The Royal Canadian Mounted Police (RCMP) // Gendarmerie royale du Canada (GRC)), colloquially known as the Mounties, and is the federal and national police service of Canada, providing law enforcement at the federal level. The RCMP also provides provincial policing in eight of Canada's provinces (all except Ontario and Quebec) and local policing on a contract basis in the three territories (Northwest Territories, Nunavut, and Yukon) and more than 150 municipalities, 600 Indigenous communities, and three international airports. The RCMP do not provide active provincial or municipal policing in Ontario or Quebec. However, all members of the RCMP have jurisdiction as a police officer in all provinces and territories of Canada.
• United States: Federal Bureau of Investigation, U.S. Department of Justice, US Attorney’s Office for the Middle District of North Carolina
• United Kingdom: National Crime Agency, Crown Prosecution Service
• Ukraine: National Police of Ukraine (Національна поліція України), of the Prosecutor General’s Office (Офіс Генерального прокурора)

TAGS: SCARS, Cybercrime, Crybercriminals,  Cybercrime Victims, Online Crime Is Real Crime, Malware Avoidance, Ransomware, EMOTET, EMPACT, Europol, Botnet, Malware, Computer Virus, Email Compromise