Taking down Emotet: new documentary tells how the world’s biggest cybercrime business was taken down
August 2021 by Kaspersky
Tomorrow Unlocked, Kaspersky’s documentary production unit, is releasing the latest episode of its hacker:HUNTER series ‘Emotet vs The World Police’. The film reveals the details of an international operation, which resulted in the takedown of Emotet, one of the most dangerous botnets and cybercrime services of the past decade. The documentary is exclusively premiering on Tomorrow Unlocked’s YouTube channel on 18th August. This is the fifth episode in the hacker:HUNTER real cybercrime series.
Through the eyes of prosecutors and police officers from Germany, the Netherlands and Ukraine, the film recounts how international police cooperation brought down this extraordinary cyber-criminal business. Internationally recognised cyber security researchers add a broader perspective and try to predict what might come after Emotet. “The police were able to stop these criminals, because they started thinking like cybercriminals,” states a researcher, summing up the operation in the documentary.
Emotet was essentially at the forefront of the commoditisation of network access, functioning as a background facilitator for cybercrime that happened around the globe. In some ways, Emotet was akin to the organised mob of the 20th century – offering the means to commit the crimes; in the later years of their operation, they never really carried out the attacks themselves, which made them hard to catch. Emotet opened up doors to cybercrime groups that launched severe attacks on various high-value targets and organisations that are often considered off-limits – such as hospitals.
First discovered in 2014, Emotet continually evolved and became extremely dangerous, with its operators maintaining and selling access and tools to hundreds of thousands of devices worldwide so that those could later be infected with various malware, such as ransomware and banking Trojans. The botnet was spread through malicious attachments in spam messages – once such an attachment was opened, the device would be infected with malware and therefore open to infection with other threats. This approach, albeit quite common among various cyber actors, made Emotet stand out thanks to its immense scale.
Due to its vast decentralised infrastructure spread across multiple countries, Emotet was widely successful and almost impossible to take down. That is, until January 2021 when Europol announced the shutdown of Emotet’s operations and arrested key actors of the gang. The operation, sanctioned by Europol and executed in close cooperation between multiple governmental authorities from various countries in Europe and beyond, was a necessity in making the arrests of Emotet’s operations successful.
The new hacker:HUNTER film follows the story behind Emotet’s dealings and the operation that led to Emotet’s demise, offering a glimpse behind the scenes and sharing the experiences of the people who led the investigation. The feature was directed by Jessica Benhamou and produced by Max Peltz and Stephen Robert Morse. The hacker:HUNTER series was created by Hugo Berkeley, who also directed the first two documentaries of the series - about the Carbanak group and the WannaCry ransomware attack. Full credits can be found on IMDb.
“As cybercrime progresses and cybercriminals work together, we see that the authorities have to offer a corresponding response and work closely to fight the threats and people behind them. I think often people do not realise how much effort actually goes into bringing a cybergang down. I am excited that we got to show how many passionate, dedicated people across the borders worked together to make this happen”, says Jessica Benhamou, the director of ‘hacker:HUNTER Ha(ck)cine’.