{"id":35524,"date":"2021-01-28T16:11:09","date_gmt":"2021-01-28T14:11:09","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=35524"},"modified":"2025-08-29T01:43:02","modified_gmt":"2025-08-28T22:43:02","slug":"law-enforcement-dismantles-the-worlds-most-dangerous-emotet-botnet","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/law-enforcement-dismantles-the-worlds-most-dangerous-emotet-botnet\/","title":{"rendered":"Law enforcement dismantles the &#8216;world&#8217;s most dangerous&#8217; Emotet botnet"},"content":{"rendered":"<p>Europol said the Emotet botnet has been dismantled through the joint efforts of the authorities of the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine. It was described as the world&#8217;s most dangerous malware.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Bye-bye botnets\ud83d\udc4b Huge global operation brings down the world\u2019s most dangerous malware.<\/p>\n<p>Investigators have taken control of the Emotet botnet, the most resilient malware in the wild.<\/p>\n<p>Get the full story: <a href=\"https:\/\/t.co\/NMrBqmhMIf\">https:\/\/t.co\/NMrBqmhMIf<\/a> <a href=\"https:\/\/t.co\/K28A6ixxuM\">pic.twitter.com\/K28A6ixxuM<\/a><\/p>\n<p>\u2014 Europol (@Europol) <a href=\"https:\/\/twitter.com\/Europol\/status\/1354398832759599104?ref_src=twsrc%5Etfw\">January 27, 2021<\/a><\/p>\n<\/blockquote>\n<p>The malware spread primarily via email, using infected attachments disguised as Word documents.<\/p>\n<blockquote>\n<p>\u00abEmotet became so dangerous because the malware was offered for rent to cybercriminals to install other types of malware on the victim\u2019s computer, such as banking trojans or ransomware\u00bb, Europol said.<\/p>\n<\/blockquote>\n<p>As a result of the operation, law enforcement gained control over the botnet\u2019s 
infrastructure and disrupted its operation.<\/p>\n<p><span style=\"font-weight: 400;\">The Dutch authorities said that two of the three main Emotet command servers were located in their country. They used their access to the command servers to <\/span><a href=\"https:\/\/www.zdnet.com\/article\/authorities-plan-to-mass-uninstall-emotet-from-infected-hosts-on-march-25-2021\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">deploy an update<\/span><\/a><span style=\"font-weight: 400;\"> to all infected hosts.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The update contains special code that will remove Emotet from all infected devices on 25 April 2021.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Experts say that this will essentially reboot Emotet, and botnet operators will have to \u201cstart from scratch.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Dutch authorities also uncovered a database with email addresses, usernames and passwords stolen using Emotet.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Ukrainian cyberpolice identified two suspects \u2014 Ukrainian citizens believed to be facilitating the botnet\u2019s infrastructure.<\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Together with international colleagues, a transnational group of hackers has long distributed one of the most dangerous malware &#8220;EMOTET&#8221;<\/p>\n<p>Details: <a href=\"https:\/\/t.co\/dljxHVS608\">https:\/\/t.co\/dljxHVS608<\/a> <a href=\"https:\/\/t.co\/LKw7LA0mFc\">pic.twitter.com\/LKw7LA0mFc<\/a><\/p>\n<p>\u2014 Cyberpolice Ukraine (@CyberpoliceUA) <a href=\"https:\/\/twitter.com\/CyberpoliceUA\/status\/1354478141574701063?ref_src=twsrc%5Etfw\">January 27, 2021<\/a><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">According to available data, the damage from 
Emotet&#8217;s activity to banks and financial institutions in the US and the EU amounted to $2.5 billion.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Fernando Ruiz, head of the Operational Division of the European Cybercrime Centre,<\/span> <a href=\"https:\/\/www.zdnet.com\/article\/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">stated<\/span><\/a><span style=\"font-weight: 400;\"> that Emotet is involved in 30% of all malware attacks.<\/span><\/p>\n<blockquote>\n<p><span style=\"font-weight: 400;\">\u00abFor a long time, Emotet has been our number one threat\u00bb, he said.<\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">Earlier, the US authorities, together with Bulgarian law enforcement, conducted an operation aimed at <\/span><a href=\"https:\/\/forklog.com\/en\/news\/us-and-bulgarian-authorities-report-successful-operation-against-netwalker-ransomware\"><span style=\"font-weight: 400;\">disrupting NetWalker ransomware operations<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Europol said the Emotet botnet has been dismantled through the joint efforts of the authorities of the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine. 
It was described as the world&#8217;s most dangerous malware.<\/p>\n","protected":false},"author":1,"featured_media":35525,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1573,1154,1444],"class_list":["post-35524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-botnet","tag-crimes","tag-law-enforcement"],"aioseo_notices":[],"amp_enabled":true,"views":"9","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=35524"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35524\/revisions"}],"predecessor-version":[{"id":35526,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35524\/revisions\/35526"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/35525"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=35524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=35524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=35524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}