The Limited Times

The world's most dangerous pirate software neutralized

2021-01-27T19:04:48.718Z


The police have put an end to Emotet, a gigantic infrastructure that has blocked, looted and ransomed hundreds of thousands of Internet users.


A planetary hunt, carried out for several years by police forces around the world, has just allowed the takeover and neutralization of Emotet, the cybercriminal infrastructure considered to be the most poisonous in the world.

Sophisticated and sprawling, its architecture is drawn in two parts. "It was made up of several hundred servers responsible for distributing malicious software (malware) which, through an e-mail containing a questionable link or an infected document, made it possible to compromise the machines," Comptroller General Catherine Chambon, Deputy Director of the fight against cybercrime at the Central Directorate of the Judicial Police (DCPJ), tells Le Figaro.

If the victims open the attachment or click on the link, the worm is in the fruit and the malware is installed.

The computer then becomes vulnerable.

In the second part, a command and control system (C&C) allowed hackers to remotely control the "botnet", that is to say the network of computers transformed into a veritable army of "zombie" machines.

"The Emotet infrastructure acted essentially to open the doors of IT systems on a global scale," explains Europol.

Once unauthorized access was established, hacked and remotely controlled computers were offered for sale or rental to other high-profile criminal groups, to carry out various illicit activities such as data looting, installation of Trojans and extortion by "ransomware".

For years, this malware mainly paralyzed private computers, whose owners were then forced to pay a few hundred euros in ransom in return for a hypothetical release.

International coordination

"Ransomware is increasingly targeting companies, which offer sufficient financial resources to pay more attractive amounts for criminals," Catherine Chambon tells Le Figaro.

According to our information, some ransom demands have already crossed the million euros mark.

A colossal sum that specialists advise against paying in exchange for a key allowing at best a random decryption of the encrypted machine.

Discovered for the first time as a banking Trojan horse in 2014, Emotet evolved before being considered by Europol as "the essential turnkey solution for cybercriminals over the years". "Polymorphic, it changes its code each time it is called to foil the detection of antiviruses," adds the European police agency.

As early as 2016, the specialized police officers of the DCPJ had observed the rise in power of a "phishing" campaign via the distribution of links and attachments of fictitious invoices or even false information about Covid-19.

Acting three years later under the direction of the specialized “J3” section of the Paris prosecutor's office, the cyber police officers gradually tracked down Emotet and located no less than thirty servers in France.

Under the aegis of Europol and Eurojust, they have taken part in a large-scale operation in recent days.

Coordinated with their German, British, Dutch, Canadian, Lithuanian and Ukrainian counterparts but also with American agents of the FBI, it made it possible to "take control of Emotet" and "to dismantle it from the inside" before its release. day.

The investigations, which are continuing, could lead to spectacular developments likely to undermine part of organized crime.

Source: lefigaro
