Emotet is considered one of the world's most dangerous botnet-powered malware.
And this time, authorities form numerous government agencies have taken control of the botnet's infrastructure. In a joint operation, the authorities from eight countries have successfully disrupted Emotet, taking down one of the most prolific malware behind many ransomware attacks.
Emotet first emerged as banking trojan in 2014, before quickly evolving into a trojan capable of creating backdoors into Microsoft Windows-powered systems via automated phishing emails that distribute malicious Word documents.
Those behind the Emotet lease their army of infected machines called botnets, to other cyber criminals as a gateway for additional malware attacks, including remote access tools (RATs) and ransomware.
From the Dutch National Police, Germany's Federal Crime Police, France's National Police, the Lithuanian Criminal Police Bureau, the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, the UK's National Crime Agency, and the National Police of Ukraine, the agencies have coordinated action that was two years in planning, which has resulted investigators taking control of the infrastructure controlling Emotet.

“The Emotet malware quickly elevated to one of the top cyber threats in the world,” said Special Agent in Charge Robert R. Wells of the FBI Charlotte Field Office, as quoted in a post on the Department of Justice's website.
“The strong relationships with international law enforcement partners were critical to the success of this FBI investigation which began with a small North Carolina school system that did the right thing and quickly contacted their local FBI office for help.”
Europol describes as "the world's most dangerous malware," and "one of the most significant botnets of the past decade."
On its own post on Europol's website, the authorities said that operations like Ryuk ransomware and TrickBot banking trojan hired access to machines compromised by Emotet in order to install their own malware.
Emotet's campaigns were regularly altered to provide the best chance of luring victims into falling for the attacks. In December 2020, following the 'COVID-19' coronavirus pandemic, Emotet was considered the most wanted malware of the year.
Because of this, the takedown of Emotet represents one of the most significant actions against a malware operation and cyber criminals in recent years.
"This is probably one of the biggest operations in terms of impact that we have had recently and we expect it will have an important impact," said Fernando Ruiz, head of operations at Europol's European Cybercrime Centre (EC3). "We are very satisfied."
Through the operations, the many agencies around the world gained control of Emotet's infrastructure that consisted of hundreds of servers around the world, and disrupted it from the inside.
With Emotet's servers under the enforcement's control, cyber criminals can no longer control the botnets, stopping them from using the malware to exploit compromised systems.
The malware can also no longer spread to new targets, meaning that this should cause significant disruption to cyber criminals' operations.
"Emotet was our number one threat for a long period and taking this down will have an important impact. Emotet is involved in 30% of malware attacks; a successful takedown will have an important impact on the criminal landscape," explained Fernando Ruiz.
"We expect it will have an impact because we're removing one of the main droppers in the market – for sure there will be a gap that other criminals will try to fill, but for a bit of time this will have a positive impact for cybersecurity," he added.

And also because Emotet's servers are in the authorities' possession, the authorities have the idea of who are the victims of this notorious malware.
Investigations into the servers uncovered a database of stolen email addresses, usernames and passwords.
Because of this, the team has been assembled, with plans to work with Computer Emergency Response Teams (CERTs) around the world to help those known to be infected with Emotet.
It is reported that the law enforcement officials in the Netherlands are in the process of delivering an Emotet update that should remove the malware from all infected computers on April 25, 2021.
In order to help protect against malware threats like Emotet, Europol recommends using antivirus tools along with fully updated operating systems and software. This way, known exploits should be patched, stopping cyber criminals on their tracks.
At this time, the investigation into Emotet, and identifying the authors responsible for running it, is still ongoing.
The Emotet disruption came on the same day that the authorities in the U.S. and Bulgaria disrupted the NetWalker operation.













































































































































































































































































































































































