Police Take Down 'Dangerous' Imote Botnet and NetWalker Ransomware Sites
Police Take Down 'Dangerous' Imote Botnet and NetWalker Ransomware Sites
Police agencies around the world, including the RCMP and FBI, say they have crippled one of the worst malware distribution networks by seizing the infrastructure behind the Emotet botnet.
In addition, US officials say the distribution of networker ransomware has also been disrupted. This includes charges against Canadians and the seizure of approximately $ 454,530 in cryptocurrency from ransom payments.
According to an indictment released today in Florida, Sebastian Vachon-Desjardins of Jatinue, Ky., Is alleged to have received at least US $ 27.6 million as a result of the offenses listed in the indictment.
Imotate Control Server in Canada
In a statement on Wednesday morning, the RCMP said 13 of the 50 command and control servers were located in Canada behind Emotet.
The week-long operation involved officials from the Netherlands, Germany, United Kingdom, France, Lithuania and Ukraine.
UPDATE: The ZDNet news service reports that law enforcement officials in the Netherlands are expected to deliver an update via a captured immotate server that will erase any malware distributed via botnet on 25 March.
According to the Europol Police Cooperative, law enforcement and judicial officers gained control of the Amotte infrastructure and "took it down inside" using a unique and new approach.
"Amotate is one of the most professional and long-lasting cyber crime services," Europol Police Cooperative said in a statement. First discovered in 2014 as a banking trojan, malware evolved over the years as a solution for cybercriminals. The Emotet infrastructure essentially served to open a primary gateway for computer systems globally. Once this unauthorized access was established, these were sold to other top-level criminal groups to deploy more illegal activities such as data theft and extortion through ransomware. "
According to RCMP, Emotet infected more than 1.7 million computers in 226 countries, including 6,000 in Canada. It is estimated that malware is the foundation for 60 percent of cyber attacks and acts as a digital precursor to a wide range of other extremely harmful malware, making it one of the most important current digital threats.
Emotet was a polymorphic threat, meaning that every time it was called, it changed its code.
Netwalker also goes down
The NetWalker ransomware group has also been killed by the police. According to online security researchers, anyone visiting the NetWalker Web site, where he lists his victims, is greeted with a sign that says, "This hidden site was seized by the Federal Bureau of Investigation have taken. The action has been done in coordination with the United States Attorney's Office for the Middle District of Florida and for the Computer Crime and Intellectual Property Section of the Department of Justice, organized crime with substantial assistance from the Bulgarian National Investigative Service and the General Directorate. "
In a January 27 statement, the US Department of Justice confirmed the seizure and said NetWalker frequently attacked the healthcare sector to take advantage of COVID-19 concerns.
Acting Assistant Attorney General Nicholas McCuid said, "We are coming back not only against criminal actors against responsible actors, but against disrupting criminal online infrastructure and increasing extortion threats wherever possible." Criminal Division of the Department of Justice. "Ransomware victims should be aware that coming forward to law enforcement as soon as possible after an attack can have significant consequences such as those achieved in today's multidisciplinary operation."
NetWalker is a ransomware-as-a-service operation that, in addition to installing ransomware, enables data theft to put more pressure on victims to pay. According to Cybercity vendor Varonis, the group (also known as Melto by some researchers) has raised more than US $ 30 million in ransom cash since its first significant attacks in March 2020.
No comments