Program was launched to remove files from the virus and turn off malicious code that was already under the control of the authorities.
A program developed by the German police was launched on Sunday (25) to uninstall the Emotet virus from the computers on which it was still active.
The uninstallation program was sent to the contaminated systems as an “update” of the virus after authorities took control of the Emotet infrastructure in January.
The activation of the code was scheduled for April 25th so that authorities, users and companies had more time to collect evidence of the action of the digital plague.
However, as the infrastructure was already being controlled by the police, the contaminated systems did not receive new commands from the criminals.
According to expert analysis, the uninstallation program deletes Emotet files and settings so that the virus will no longer run on computers.
Although the operation that took the infrastructure of Emotet out of the hands of the criminals had the cooperation of authorities from several countries, the creation of the program was the responsibility of the German police.
Before being dismantled, Emotet functioned as a “zombie rental network”. That is, criminals sold access to contaminated computers to other gangs to carry out their fraud.
One of the programs installed by Emotet was Trickbot, which in turn was responsible for installing the Ryuk rescue virus.
In January, the police also arrested two individuals charged with keeping Emotet servers on the air. The authorities are still looking for those responsible for the operation.
Police acting against hackers
Police actions against hackers have directly affected users victimized by attackers: computers are being decontaminated and data shared with companies feed tools to restore systems.
In 2015, the Dutch police began cooperation with Russian antivirus maker Kaspersky, sharing seized data that the company would use to create tools capable of recovering files.
The project expanded and became the “No More Ransom” initiative, with several other companies in the industry and Europol.
The FBI recently revealed that it obtained authorization from the courts to use the command channels left by hackers and uninstall the tools without prior notice.
Emotet, in turn, demanded the development of a personalized tool by the police, which was actively distributed as an “update”.
Because it is a zombie rental network, the ability to download and run any program defined by the control system is essential for Emotet to do its job. The police were able to take advantage of this to distribute the uninstall software.
The program, however, will not be able to remove other viruses downloaded by Emotet before police action in January.
While collaboration with private companies to create tools is not controversial, cases like this are still treated as exceptionalities, since they “force” contaminated systems to run software created by the police.