The Europol and FBI reported that they have taken control of the Emotet botnet infrastructure which was recently used in high-profile attacks.
Police from the UK, EU, US, and Canada worked together to disable Emotet by seizing thousands of computers running it under “Operation Ladybird.”
Some of the servers were located in Germany, Netherlands while two suspects maintaining them were arrested in Ukraine.
Emotet was first used as a banking trojan in 2014 but was used for attacks on other industries afterward.
“Once this unauthorized access was established, these were sold to other top-level criminal groups to deploy further illicit activities such data theft and extortion through ransomware,” explained the Europol.
German police said Emotet had caused at least 14.5 million euros ($17.56 million) of damage in their country while its global damage was estimated at $2.5 billion.
Investigators said the operation could help quarantine more than a million Microsoft Windows systems that are infected with Emotet.
“This is probably one of the biggest operations in terms of impact that we have had recently and we expect it will have an important impact,” said Fernando Ruiz, head of operations at Europol’s European Cybercrime Centre (EC3).