The Cyber Police unmasked a transnational group of hackers who were spreading the EMOTET computer virus.
According to a statement from the press office of the Ministry of Internal Affairs (MIA), this virus has caused 2.5 billion dollars in damage to American and European banks and financial institutions.
How the scheme worked
As reported by the Attorney General’s Office, since 2014 a group of Ukrainian hackers has been using malware, the so-called cryptographic virus (“banking trojan”) designed to steal personal data (passwords, logins and payment details), to carry out massive interference in the functioning of the servers of both private and state banking institutions.
EMOTET’s infrastructure included servers all over the world and was effectively a botnet. The “virus” was spread through spam messages, Word documents, Excel spreadsheets and e-mail messages.
After penetrating the target software, the virus used the “infected” device for further spamming and for installing other viruses. As a result, the malware stole users’ personal data, including passwords, logins, browsing history, payment and banking details, etc. Later, the authors would transfer the money to accounts under their control.
Simultaneous searches in eight countries
The Cyber Police, together with local law enforcement, conducted simultaneous searches in Ukraine, the Netherlands, Germany, France, Lithuania, Canada, the United States and the United Kingdom.
As a result, law enforcement officials seized server equipment, computer hardware, and data storage media containing information about the companies targeted by the cyber attacks. Bank cards, money and secret ledgers with passwords, accesses and keys for services were also seized.
“Criminal proceedings are underway pursuant to Art. 361 (Unauthorized interference in the operation of computers, automated systems, computer networks or telecommunications networks), Art. 361-1 (Creation of malicious software or hardware for the purpose of use, distribution or sale) and Art. 190 (Fraud) of the Criminal Code of Ukraine. The attackers face up to 12 years of imprisonment, with confiscation of property”, comments the MIA.
Now, the activity of the EMOTET network, which was spread across more than 90 servers in many countries, is completely blocked.