U.S. and European law enforcement agencies last week conducted an extraordinary crackdown on Emotet, a botnet of infected computers that has defrauded victims of millions.
The operation involved officials from nine governments, but one move was decisive: Dutch police used their cyber authorities to infiltrate Emotet infrastructure. They slipped a software update onto the servers that cut off communications between infected computers and the botnet, halting its spread.
For the FBI, it was a lesson in how its foreign allies are sometimes better positioned than the bureau to make an arrest or even deploy offensive cyber capabilities. The bureau had tracked Emotet since 2017, when it caused more than $1.4 million to a North Carolina school’s computer systems.
The Department of Homeland Security has estimated that it cost an average of $1 million to clean up after each Emotet incident, though officials were not more specific in how they came up with that figure. An FBI official on Friday suggested the total cost to U.S. victims of the digital crime tool was in the hundred of millions of dollars.
But American agents couldn’t reach Emotet’s sprawling computer infrastructure on their own.
“That’s the reason that partnering with other law enforcement agencies is so important,” a senior FBI cyber official said in a press call Friday. It’s an example of “working within the legal frameworks of each individual partner to make sure that we have the greatest impact that we can within the law,” the official said, referring to the Dutch cyber operation.
It remains unclear whether Emotet’s operatives will effectively rebuild their operations. Botnets often survive until their masterminds are in handcuffs, according to experts.
“We aren’t naïve to the fact that there will be attempts to build this infrastructure back up,” said another FBI official.
The briefing came as an FBI-led task force issued a fresh warning about the costs of ransomware, noting that a U.S. city spent $9 million rebuilding its computer systems rather than pay a…