Having responded to numerous malware and ransomware incidents, it is clear that cyber threats are persistent but not impenetrable. The thing that pokes holes in company’s IT environments, can itself be vulnerable as a recent incident with Emotet has proven. This recent occurrence can hopefully provide businesses with assurance that government, like private industry, is working hard to push back on cyber threats.
What is it?
Emotet is an extremely well-traveled bit of malware. It has been spread far and wide across the globe and led to countless data incidents via automated phishing emails. By luring recipients to not only open a spam email, but then download an attachment or click a link, whether it be a fake invoice or COVID-19 vaccine information, Emotet tricked recipients into installing malware on their system that then opens a gateway to the botnet’s system. And continuously, since 2014, the Emotet botnet runs more phishing campaigns, convinces more individuals to download malware masked as attachments, and opens more gateways to more Windows systems, calling out and then preserving a point of access to an unsuspecting party.
Why is it dangerous?
Think of every successful introduction of Emotet malware onto a computer as opening a gateway to that system. Then think of all the gateways being amassed by the group that controls Emotet. Now imagine that team saying to a global community of cyber attackers, “Which gateways would you like to purchase access to in order to deploy your ransomware or whatever attack you have in mind?” The result has been, according to Ukrainian law enforcement, $2.5 billion in damages by resulting attacks. Popular ransomware variants like Ryuk are known to be paying for that access and contributing to the resulting financial hardship. So Emotet may not be the illegal drug, but they are the needle delivering it.
The FBI, Europol, Canada’s Royal Mounted Police, the National Police of Ukraine, the UK’s National Crime Agency and other international law enforcement agencies, with the aid of private researchers, embarked on an expansive raid on Emotet, reportedly two years in the making. Operation Ladybird, as it was known, sought to take over a command-and-control network of servers in over 90 countries. The result? A success. The Emotet disruption was pulled off by replacing the machines at the center of the botnet’s infrastructure with the computers of law enforcement, allowing law enforcement to negate any further requests from the malware to the botnet and prevent any malicious activity. The infrastructure that controls the Emotet operation is now under the control of law enforcement and now the botnet responsible for up to 30% of all malware attacks is offline, leaving those who once relied on purchasing access to those gateways for deploying cyber-attacks at a loss for access.
The Beckage Team has extensive experience counseling clients on data security matters, breach response preparedness, and breach coach services. We have also worked on headline-making data incidents, including those associated with malware and ransomware strains like Emotet and Ryuk. Our team can be reached anytime via our 24/7 data breach hotline at 844-502-9363 or by emailing IR@beckage.com.
*Attorney Advertising; prior results do not guarantee similar outcomes.