In January 2021, the FBI and other international law enforcement agencies worked together to take down one of the world's most notorious malware strains, Emotet.
After bringing down Emotet, the FBI asked Have I Been Pwned (HIBP) if there was a way to alert individuals and organizations that their accounts were affected.
How many credentials were harvested by Emotet?
To carry this out, the FBI handed over a trove of email addresses to HIBP—4,324,770 of them from all over the world. According to Troy Hunt, who founded the service, the emails came from two different data sources:
- "Email credentials stored by Emotet for sending spam via victims' mail providers.
- Web credentials harvested from browsers that stored them to expedite subsequent logins."
What if my credentials were stolen by Emotet?
Troy Hunt and the FBI provided some recommendations for anyone that finds themselves in this collection of data:
- "Keep security software such as antivirus up to date with current definitions. I personally use Microsoft Defender which is free, built into Windows 10, and updates automatically via Windows Update.
- Change your email account password. Also change passwords and security questions for any accounts you may have stored in either your inbox or browser, especially those of higher value such as banking."
Hunt also offers this reminder:
"In addition, all the old security best practices are obviously still important whether you find yourself in this incident or not: Use a password manager and create strong, unique passwords. Turn on 2-factor authentication wherever available. Keep operating systems and software patched."
What was Emotet?
Emotet was one of the most dangerous malware strains in the world, according to Europol.
It was first discovered in 2014 as a banking trojan, and quickly evolved to become a perfect solution for cybercriminals anywhere.
It operated as a primary door opener for computer systems on a global scale. As soon as unauthorized access had been established, it would be sold to other criminal hackers so they could commit crimes like data theft and extortion through ransomware.
One reason Emotet was so effective was its ability to spread via malicious Microsoft Word documents.
Emotet was also dangerous because it followed a malware-as-a-service model and was often sold to other cybercriminals for the purpose of installing different types of malware, like banking trojans or ransomware.
It was one of the most resilient malware strains out there because of its unique way of infecting networks: spreading laterally after gaining access to only a couple of devices.
Europol says Emotet was one of the biggest players in the cybercrime world and benefited other bad actors, such as TrickBot and Ryuk, tremendously.
For more information on the subject, read SecureWorld's article on the takedown of Emotet from earlier this year.