
Emotet ransomware infrastructure smashed

Through an international operation, authorities succeeded on Tuesday in breaking the infrastructure of the well-known malware Emotet, rendering it useless.

International cooperation makes it possible

Working with the General Prosecutor’s Office Frankfurt am Main – Central Office for Combating Cybercrime (ZIT) and law enforcement agencies from England, Canada, the United States, France, Lithuania, Ukraine and the Netherlands, the Federal Criminal Police Office (BKA), together with Eurojust and Europol, succeeded in smashing the infrastructure of the ransomware Emotet and taking control of it. The authorities were thus able to achieve an important milestone in cybersecurity.

Investigations since summer 2018

Investigations against the initiators of the Emotet ransomware and its botnet began back in August 2018. The Emotet ransomware is primarily known for infecting numerous companies and public authorities, including the Fürth hospital and the city of Frankfurt am Main. But private individuals were not spared from the malware either. It was the modular structure of the malware that made Emotet so dangerous. It all starts with a so-called “door opener”, which is then followed by further modules to ultimately take over the victim’s system. According to estimates, it caused damage of at least 14.5 million euros in Germany alone.

Initially, the authorities in Germany located several servers that circulated the ransomware and then controlled the victims’ systems. Through extensive analyses, the authorities were able to track down or identify various servers in different European countries. Through international mutual legal assistance, more and more data was collected, and ultimately the information led to the dismantling of the infrastructure. In Germany alone, 17 servers have already been seized by ZIT prosecutors and the BKA. Several servers were also seized in the other affected countries. Through coordinated action and excellent cooperation, Europol and Eurojust succeeded in taking control. As a result, the victim systems were rendered unusable for the cybercriminals and initially quarantined for further preservation of evidence.

Federal Office for Information Security supports those affected

The authorities forward the findings obtained from this to the Federal Office for Information Security (BSI). Among the data are the IP addresses of the victims, so it is possible for the BSI to inform the relevant German network operators. These in turn will contact the affected customers. The BSI will also provide assistance in cleaning up the victim systems.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.
