The FBI has seen Emotet hit nearly every sector within the U.S.—paralyzing school systems, small and large businesses, non-profits, government services, and individuals. “Emotet did not discriminate,” Nye said.
Even if a victim of Emotet avoided a ransomware attack or direct financial loss, the disruptions and expense of remediating the infection were substantial. “Victims incurred substantial monetary costs to effectively clean compromised machines,” Nye stressed. According to the U.S. Cybersecurity and Infrastructure Security Agency, Emotet infections cost local, state, tribal, and territorial governments up to $1 million per incident to remediate.
Last week’s global action allowed law enforcement to dismantle the foundational components of Emotet’s operation—taking down multiple layers of infrastructure located around the world. “Through the combined efforts of the incredible FBI team, foreign partners, and private sector partners, the command and control network of Emotet was significantly impacted,” Nye said. “To recreate this botnet, the criminals would have to rebuild from scratch.”
The unprecedented effort closed off the access this malware had opened to millions of machines. “When you can take out the delivery arm of all these countless pieces of malware, it means greater protection and limiting the ability of cyber criminals to get onto machines throughout the globe,” Nye explained.
The FBI identified more than 45,000 computers and networks in the United States that had been recently affected by Emotet malware. “The Emotet malware on those machines is no longer harmful to those it infected,” Nye reassured.
The cyber strategy the FBI released in 2020 prioritized efforts to impose greater cost and risk on cyber criminals—relying on strong partnerships across every industry and around the world to do so. Nye said that the action on Emotet shows how the FBI can use its insight, expertise, and global reach to make an impact.
“The beauty of the FBI and our partnerships across the world is that they create remarkable opportunities to achieve a disruption,” Nye said. “It can mean finding new techniques like this one that targeted the infrastructure behind the malware.”