Emotet : Police Shut Down The Most Dangerous Botnet to Date (Videos)


The infrastructure of the most dangerous botnet to date, Emotet, was shut down as part of a coordinated operation by Europol and Eurojust. Thanks to the joint efforts of law enforcement agencies in the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada and Ukraine, specialists managed to seize control of the botnet's servers, shut down all its infrastructure and stop malicious activity.


As Europol explained, the Emotet infrastructure comprised several hundred servers around the world, each serving a different function: managing already-infected computers, infecting new systems, and so on.


“The infected machines of the victims were redirected to this infrastructure controlled by law enforcement agencies. This is a unique and new approach to effectively intercepting the activities of cybercrime collaborators,” Europol said.


As part of the operation against the Emotet cybercriminal group, officers of the Cyber Police Department of the National Police of Ukraine arrested two people suspected of providing technical support for the botnet infrastructure. If found guilty, the defendants face up to 12 years in prison. During the investigation, the remaining members of the group were also identified, and measures were taken to arrest them.


On March 25 this year, Europol will begin distributing a new module to Emotet-infected devices that will remove the malware from them.


With law enforcement in full control of the botnet and a removal module about to be distributed, it will be very difficult for the Emotet operators to resume their operations.



The banking Trojan Emotet was first discovered in 2014 and later evolved into a malware-distribution botnet operated by the TA542 cybercriminal group (aka Mummy Spider). The botnet delivered second-stage malware onto infected systems: the QakBot Trojan, which in turn downloads the ProLock or Egregor ransomware, and TrickBot, which downloads the Ryuk and Conti ransomware.
