28 January 21, 10:46
(This post was last modified: 28 January 21, 10:52 by silversurfer.)
Quote:
The virulent malware known as Emotet – one of the most prolific malware strains globally – has been dealt a blow thanks to a takedown by an international law-enforcement consortium.
Meanwhile, the NetWalker ransomware has also been subjected to partial disruption, according to the U.S. Department of Justice. More about the NetWalker action can be found here.
On the Emotet front, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States have worked together to take down a network of hundreds of botnet servers supporting Emotet, as part of “Operation LadyBird.” The effort eliminated active infections on more than 1 million endpoints worldwide, they said.
Emotet is a loader-type malware that’s typically spread via malicious emails or text messages. It’s often used as a first-stage infection, with the primary job of fetching secondary malware payloads, including Trickbot, Qakbot and the Ryuk ransomware. Its operators often rent its infrastructure to other crime groups for use in achieving initial access into corporate networks. With an average rate of 100,000 to a half-million Emotet-laden emails sent per day, Europol has dubbed it the “world’s most dangerous malware.”
“It is a so-called ‘modular malware family’ that can install all kinds of additional malware on systems, steals passwords from browsers and email clients, and is very difficult to remove,” according to an announcement from Dutch police issued on Wednesday. “One of the things that makes Emotet so dangerous is that Emotet opens the door to other types of malware, as it were. Large criminal groups were given access to some of those systems for payment to install their own malware. Concrete examples of this are the financial malware Trickbot and the ransomware Ryuk.”
The infrastructure that international police seized was wide-ranging, authorities said. “Some servers were used to keep a grip on already infected victims and to resell data, others to create new victims, and some servers were used to keep police and security companies at bay,” according to the Dutch police.
An announcement from Europol added, “The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts.”
Read more:
https://threatpost.com/emotet-takedown-i...ne/163389/