Thursday 28 Jan 2021 @ 16:15
National Crime Agency
Printable version

NCA in international takedown of notorious malware Emotet

A malware botnet that was used by cybercriminals to infiltrate thousands of companies and millions of computers worldwide has been taken down in an international operation.

The National Crime Agency worked with law enforcement partners across Europe and North America for nearly two years to map the infrastructure of Emotet – a pervasive malware that not only infected computers, but also enabled other malware to gain access and cause significant damage to victim networks.

Europol and Eurojust co-ordinated the operation, which saw the takedown actioned recently (26 January 2021) and searches of properties take place in Ukraine.

NCA investigators led the financial arm of the investigation which included tracking how the criminal network behind the malware was funded, where that funding went and who was profiteering.

Emotet was first discovered as a banking Trojan in 2014 and subsequently gained a reputation amongst the cyber crime community as a key tool to open the door for other malwares and ransomware.

Cybercriminals used Emotet as their first port of call. A botnet would send out emails to unsuspecting victims or companies with the malware either embedded in the email as a downloadable link, or included as a word doc attachment.

When people clicked into the attachments or links, they were prompted to enable content to view the document, but in doing so allowed the malware to install and take hold of their computers.

Emails would often relate to shipping notifications but would also use current events, such as Covid-19 in recent attacks, to entice recipients.

Working with Emotet data, the NCA gained insight of the movement of illicit funds to pay for the infrastructure.

Analysis of accounts used by the group behind Emotet showed $10.5 Million being moved over a two-year period on just one Virtual Currency platform. NCA investigators were able to identify that almost $500,000 had been spent by the group over the same period to maintain its criminal infrastructure.

Further criminal servers identified by the NCA were also taken offline during the same operation, with at least 700 servers taken down globally with partners.

Nigel Leary, Deputy Director of the National Cyber Crime Unit, yesterday said:

“Emotet was instrumental in some of the worst cyber attacks in recent times and enabled up to seventy percent of the world’s malwares including the likes of Trickbot and RYUK, which have had significant economic impact on UK businesses.

“Working with partners we’ve been able to pinpoint and analyse data linking payment and registration details to criminals who used Emotet.

“This case demonstrates the scale and nature of cyber-crime, which facilitates other crimes and can cause huge amounts of damage, both financially and psychologically.

“Using our international reach, the NCA will continue to work with partners to identify and apprehend those responsible for propagating Emotet Malware and profiting from its criminality.”

 

Channel website: http://www.nationalcrimeagency.gov.uk/

Original article link: https://nationalcrimeagency.gov.uk/news/nca-in-international-takedown-of-notorious-malware-emotet

Share this article

Latest News from
National Crime Agency

Dutch national faces decade behind bars for cocaine smuggle attempt

25/04/2024 11:15:00

A 41-year-old man who was caught with a car boot full of cocaine at an Essex port has been jailed for 10-and-a-half years following a National Crime Agency investigation.

Albanian people smuggler jailed over small boats crossings

23/04/2024 15:15:15

An Albanian man who organised small boats crossings for migrants, including children as young as five, has been jailed after a National Crime Agency investigation.

European police chiefs call for end-to-end encryption roll out to include public protection measures

22/04/2024 16:15:00

The Director General of the National Crime Agency and European Police Chiefs are calling for industry and governments to take urgent action to ensure public safety across technology platforms.

Pair jailed for attempt to smuggle migrants out of the UK

22/04/2024 09:15:00

Two men who attempted to smuggle migrants from the UK to France in the back of a lorry have been sentenced following a National Crime Agency (NCA) investigation.

Operation Venetic: Senior leader of Merseyside gang that shipped class A drugs between England and Scotland is convicted

17/04/2024 12:10:00

A high-ranking member of an organised crime group (OCG) that trafficked heroin and cocaine has been convicted following his extradition by the National Crime Agency.

Four arrested on suspicion of smuggling money from UK to Albania

16/04/2024 11:15:00

Four alleged members of an organised crime group that specialises in smuggling criminal cash out of the country and into Albania have been arrested in a National Crime Agency investigation.

Plumber who converted blank firing guns into lethal weapons jailed for seven years

15/04/2024 16:15:00

A plumber who converted blank firing guns into lethal weapons has been jailed for seven years and two months following a National Crime Agency investigation.

UK arrest in €645 million international investment scam

15/04/2024 10:10:00

The National Crime Agency has arrested a senior staff member of a scam company, joining law enforcement across the continent to crack down on “JuicyFields” – a notorious and elaborate Ponzi scheme.

Operation Venetic: Drug supplier who boasted about space for 10 cars jailed for 20 years

12/04/2024 14:15:00

A drug supplier who tried to hide his criminal activity by using the Encrochat encrypted messaging service has been jailed for 20 years after the National Crime Agency uncovered his true identity.