Prolific Botnet Is Disrupted by Six-Nation Enforcement Team

A law enforcement operation involving six countries, including the U.S. and U.K., disrupted one of the world’s most prolific botnets -- a network of computers infected with malware and used in cyber-attacks.

Known as Emotet, the malware has targeted a wide range of networks, including those of global financial institutions and local school districts. Once infected, machines become part of the Emotet botnet, which is capable of infecting additional machines. Since April, Emotet has infected more than 1.6 million electronic devices and generated hundreds of millions of dollars in revenue for its criminal operators, who are largely in eastern Europe, according to the U.S. Department of Justice.

The Justice Department made its announcement a day after Europol unveiled the joint operation, including the arrest of multiple alleged members of the Emotet network.

Emotet was first identified in 2014 and gained notoriety by targeting banks and financial data. Since then, it has evolved into a spamming and malware service, according to cyber research firm Malwarebytes Inc. Its ability to evade detection had drawn the ire of the U.S. government, which has branded Emotet among the world’s most dangerous malware, with an estimated cleanup cost of $1 million per incident.

Emotet’s botnet spent much of 2020 spamming companies, governments, think tanks and schools across the world with Covid-themed emails, according to cybersecurity researchers. Once a victim was infected with the malicious software, hackers could then steal data or encrypt the victim’s files and demand ransom.

In 2017, the botnet infected a school district in North Carolina, causing more than $1.4 million in damage while disabling the school’s network for about two weeks, according to an affidavit unsealed this week.

The operation against Emotet involved taking down core infrastructure in Lithuania, Sweden and Ukraine, according to the Justice Department. Authorities collaborated with local Ukrainian law enforcement, who conducted a Jan. 26 raid “resulting in the arrest of several Ukrainian nationals allegedly responsible for running the botnet’s infrastructure,” according to a blog published by the cyber research firm Intel 471.

©2021 Bloomberg L.P.
