Hackers who stole $2.5 billion from European banks exposed in Ukraine

The Cyber Police has exposed a transnational hacker group that had been spreading the EMOTET malware.

According to a statement by the Ministry of Internal Affairs’ (MIA) press office, the malware has caused $2.5 billion in damage to American and European banks and financial institutions.

How the scheme worked

As reported by the Attorney General’s Office, since 2014 a group of Ukrainian hackers has used a piece of malware, a so-called banking Trojan designed to steal personal data (passwords, logins, and payment details), to carry out massive interference with the servers of both private and state-run banking institutions.

EMOTET’s infrastructure comprised servers around the world and operated as a botnet. The malware was spread through spam mailouts: email messages carrying malicious Word documents and Excel spreadsheets.

Once it had infected a device, the malware used that device to send further spam and to install additional malware. In this way the perpetrators harvested users’ personal data, including passwords, logins, browsing history, and payment and banking details, and later transferred the money to accounts under their control.

Simultaneous searches in eight countries

The Cyber Police, together with local law-enforcement agencies, conducted simultaneous searches in Ukraine, the Netherlands, Germany, France, Lithuania, Canada, the USA, and the UK.

As a result, officers seized server equipment, computer hardware, and data storage media containing information about the companies targeted by the cyber-attacks. Bank cards, cash, and notebooks containing passwords, logins, and keys to services were also seized.

“Criminal proceedings are being conducted under Art. 361 (Unauthorized interference in the functioning of computers, automated systems, computer networks, or telecommunication networks), Art. 361-1 (Creation of malicious software or hardware with the purpose of usage, distribution, or sale), and Art. 190 (Fraud) of the Criminal Code of Ukraine. The attackers face up to 12 years of imprisonment, with confiscation of property,” the MIA comments.

The EMOTET network, which was distributed across more than 90 servers in many countries, is now completely blocked.