Europol: Police Disrupt ‘World’s Most Dangerous Malware’

Published: 31 January 2021


Screenshot from police video of the raid (Ukrainian police)

By Julett Pineda

Law enforcement agencies from several countries have, in a coordinated effort, dismantled one of the most sophisticated and long-lived cybercrime services, used by criminal networks to extort victims and steal personal data worldwide, Europol said in a statement last week.

Authorities from the United States, Canada and six European countries carried out a joint operation to disrupt Emotet, a polymorphic malware whose infrastructure involved several hundred servers.

Ukrainian National Police said in a statement released on Wednesday that Emotet’s activities have been blocked and that two Ukrainian citizens who participated in the scheme have been identified. A police video showed officers raiding a residence and seizing US dollars and other banknotes, computers and electronic equipment.

Ukrainian authorities also said they were coordinating efforts to detain members of an international hacker group that used Emotet’s infrastructure to commit cybercrime.

Over the last decade, the malicious software has targeted critical industries, including banking, healthcare and e-commerce, and has caused damages estimated at US$2.5 billion globally, according to the statement.

First discovered as a banking Trojan in 2014, Emotet evolved into a botnet, a network of compromised computers, that cybercriminals could hire to install other malicious software on infected machines.

Emotet spread through emails containing malicious attachments or links, often using branding familiar to its recipients; recent campaigns imitated PayPal receipts, shipping notices, security warnings and even COVID-19 alerts.
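As an added illustration of the delivery pattern described above (example code written for this page, not taken from the article, Europol or any vendor), the following Python triage check parses an email, flags a display name that invokes a well-known brand when the sender's domain is not one of that brand's own, and lists document or archive attachments of the kind such lures carried. The brand-to-domain table, the extension list and the sample message are constructed for this example and are not exhaustive.

```python
"""Triage check for brand-spoofing malspam with document attachments.

Added example; the brand table, extension list and sample message below are
constructed assumptions for illustration, not data from the article.
"""
import email
import os
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed mapping: brands the article names as impersonated, and the domains
# that legitimately send mail on their behalf (illustrative only).
LEGIT_SENDER_DOMAINS = {
    "paypal": {"paypal.com"},
    "dhl": {"dhl.com"},
    "ups": {"ups.com"},
    "fedex": {"fedex.com"},
}

# Assumed carrier types: Office documents and archives (illustrative only).
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".zip"}


def brand_spoofed(display_name, from_domain):
    """Return the brand named in the display name if the sender domain is not one of its own."""
    name = display_name.lower()
    for brand, domains in LEGIT_SENDER_DOMAINS.items():
        if brand not in name:
            continue
        if not any(from_domain == d or from_domain.endswith("." + d) for d in domains):
            return brand
    return None


def risky_attachments(msg):
    """List attachment filenames whose extension is in RISKY_EXTENSIONS."""
    names = []
    for part in msg.iter_attachments():
        fn = part.get_filename() or ""
        ext = os.path.splitext(fn.lower())[1]
        if ext in RISKY_EXTENSIONS:
            names.append(fn)
    return names


def analyze(raw):
    """Parse a raw RFC 5322 message and return a list of human-readable findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    brand = brand_spoofed(display, domain)
    if brand:
        findings.append(f"display name claims {brand} but sender domain is {domain}")
    for fn in risky_attachments(msg):
        findings.append(f"document/archive attachment: {fn}")
    return findings


def build_sample():
    """Constructed lure: a 'PayPal receipt' from a look-alike domain with a .doc attached."""
    m = EmailMessage()
    m["From"] = "PayPal Service <billing@paypa1-secure.example>"
    m["To"] = "victim@example.org"
    m["Subject"] = "Your receipt"
    m.set_content("Please see the attached receipt.")
    # Placeholder bytes, not a real document.
    m.add_attachment(b"\xd0\xcf\x11\xe0 placeholder", maintype="application",
                     subtype="msword", filename="Receipt_4431.doc")
    return m.as_string()


if __name__ == "__main__":
    for line in analyze(build_sample()):
        print("FLAG:", line)
```

The two signals are deliberately separate: a mismatched display name alone is common in legitimate third-party mailers, and a .doc attachment alone is ordinary business traffic, but the two together on one message are the shape of the lures the article describes and merit a closer look.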

Once Emotet had infected a device, it could install additional malware to steal the victim's financial credentials or extort the user with ransomware, which blocks access to a computer system until a ransom is paid.