{"id":39347,"date":"2021-01-27T17:13:30","date_gmt":"2021-01-27T17:13:30","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/"},"modified":"2021-01-27T17:13:30","modified_gmt":"2021-01-27T17:13:30","slug":"command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/","title":{"rendered":"Command &#8216;n&#8217; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid"},"content":{"rendered":"<p>EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators\u2019 homes in the Ukraine.<\/p>\n<p>\u201cTo severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week\u2019s action whereby law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside,\u201d said Europol in a jubilant statement this afternoon.<\/p>\n<div class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",button,mpu,\" data-sm=\",button,mpu,\" data-md=\",button,banner_plus,mpu\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Police forces from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action\">all took part<\/a> in the takedown.<\/p>\n<p>\u201cAnalysis of accounts used by the group behind Emotet showed $10.5m being moved over a two-year period on just one Virtual Currency platform,\u201d said Britain\u2019s National Crime Agency, which <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.nationalcrimeagency.gov.uk\/news\/nca-in-international-takedown-of-notorious-malware-emotet\">added<\/a>: \u201cNCA investigators were able to identify that almost $500,000 had been spent by the group over the same period to maintain its criminal infrastructure.\u201d<\/p>\n<div class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",button,mpu_plusplus,\" data-sm=\",button,mpu_plusplus,\" data-md=\",button,mpu_plusplus,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>According to the agency, the botnet was used to &#8220;infiltrate thousands of companies and millions of computers worldwide.&#8221;<\/p>\n<p>Ukrainian police published a remarkable YouTube video this afternoon, entirely in Ukrainian and embedded below, showing a raid on an alleged operator\u2019s home. The video pictures dusty PCs and servers, large numbers of hard drives and (at about 1m50s) what looks like miniature gold bars.<\/p>\n<p> <a href=\"https:\/\/www.youtube.com\/watch?v=_BLOmClsSpc\" data-media=\"x-videoplayer\">Youtube Video<\/a>\n<\/p>\n<h3 class=\"crosshead\"> <span>What is Emotet and why is this a big deal?<\/span><br \/>\n<\/h3>\n<p>Emotet is a frustratingly persistent email-delivered malware dropper <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/02\/10\/emotet_spreads_over_wifi\/\" rel=\"noopener noreferrer\">aimed at Windows machines<\/a>. Intended targets are bombarded with emails containing Word documents as attachments. Once the mark is fooled into opening the attachment (typical lure themes include information about topical news such as COVID-19 statistics, supplier invoices and bank letters) and running macros embedded within it, the malware is deployed.<\/p>\n<p>Originally Emotet itself was used for stealing online banking credentials, though later evolutions of it focused more on its ability to infect targets\u2019 computers with any given malware.<\/p>\n<p>The malware\u2019s moneymaking potential hinged on that so-called dropper functionality: the criminals behind Emotet could rent it out to other malware or ransomware gangs. A common payload was <a target=\"_blank\" href=\"https:\/\/search.theregister.com\/?q=Trickbot\" rel=\"noopener noreferrer\">Trickbot<\/a>, another banking trojan \u2013 which occasionally dropped the Ryuk ransomware.<\/p>\n<p>Basically, Emotet was behind an awful lot of online badness \u2013 and if, as Britain\u2019s NCA claimed, 700 of its command-and-control servers have been taken down, that should make a big dent in malware and ransomware infections.<\/p>\n<p>Nigel Leary, deputy director of the NCA\u2019s National Cyber Crime Unit, said in a statement: \u201cEmotet was instrumental in some of the worst cyber attacks in recent times and enabled up to 70 per cent of the world\u2019s malwares, including the likes of Trickbot and RYUK, which have had significant economic impact on UK businesses.<\/p>\n<h3 class=\"crosshead\"> <span>Good news for Emotet\u2019s victims &#8211; you can see if you were infected<\/span><br \/>\n<\/h3>\n<p>The Abuse.ch online <a target=\"_blank\" href=\"https:\/\/feodotracker.abuse.ch\/browse\/heodo\/\" rel=\"noopener noreferrer\">malware tracker<\/a> showed very few known Emotet (aka Heodo, as that site calls the malware) nodes remaining online in the wake of the raids.<\/p>\n<p>Europol also said the raids had resulted in innocent victims already infected with Emotet having those infections neutralised through police gaining control of the crims\u2019 C2 infrastructure, explaining: &#8220;The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure. This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.&#8221;<\/p>\n<p>Dutch police published an <a target=\"_blank\" href=\"https:\/\/www.politie.nl\/themas\/controleer-of-mijn-inloggegevens-zijn-gestolen.html\" rel=\"noopener noreferrer\">Emotet email address checker<\/a> (the page contains an English translation a few paragraphs in) so potential victims can check if they were known to have been infected by the nasty. This service appears to be powered by a seized list of email addresses known to the criminals behind the malware.<\/p>\n<p>Professor Alan Woodward of the University of Surrey told <i>The Register<\/i>: &#8220;Europol were at the centre coordinating and just like the swoop on <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/07\/02\/encrochat_op_venetic_encrypted_phone_arrests\/\" rel=\"noopener noreferrer\">Encrochat<\/a>, this was another big blow to criminals using the internet to cause harm.&#8221;<\/p>\n<p>Alan Grau, VP of IoT and embedded solutions at Sectigo, said of the takedown: &#8220;The demise of Emotet will be welcomed in many quarters, but there is no doubt that malicious actors will be developing new variants to fill the vacuum. As such, email security practices, especially in light of remote work, are more important than ever.<\/p>\n<p>&#8220;To protect against these ongoing attacks, enterprises must continue to train users on how to avoid phishing attacks. It is also critical to implement strong email security. Zero-touch deployment S\/MIME email certificates automatically update the security profile of the email communication by authenticating the sender, encrypting the email content and attachment, and ensuring integrity.&#8221;<\/p>\n<p>Jordan LaRose, managing consultant at F-Secure, told <i>The Reg<\/i>: &#8220;Emotet has been a perennial enemy of businesses and cybersecurity practices alike for years now, and has contributed to some of the worst incidents we&#8217;ve ever seen.<\/p>\n<p>&#8220;One of the most difficult aspects of incident response, and combating malware at large, is taking action against attackers who are able to act anonymously and largely without penalty due to the diplomatic implications of retaliation against them. This is never more true than with a botnet like Emotet that has infrastructure distributed among countries all over the world.<\/p>\n<p>LaRose added: &#8220;While it is likely that other attackers will rise to fill the void left by Emotet, this investigation should serve as a warning to all other malware groups that distributed attack strategies won&#8217;t protect them forever.&#8221;<\/p>\n<div class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",button,dbutton,mpu_plus,dmpu,\" data-sm=\",button,dbutton,mpu_plus,dmpu,\" data-md=\",button,dbutton,mpu_plus,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Criminal charges and prosecutions will doubtless follow from the raids. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/01\/27\/emotet_botnet_taken_down_europol\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Europol-led op knocks offline 700 servers used to infect &#8216;millions of computers&#8217; EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators\u2019 homes in the Ukraine.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-39347","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Command &#039;n&#039; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Command &#039;n&#039; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-27T17:13:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Command &#8216;n&#8217; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid\",\"datePublished\":\"2021-01-27T17:13:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\"},\"wordCount\":923,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\",\"name\":\"Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-01-27T17:13:30+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage\",\"url\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Command &#8216;n&#8217; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/","og_locale":"en_US","og_type":"article","og_title":"Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-01-27T17:13:30+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Command &#8216;n&#8217; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid","datePublished":"2021-01-27T17:13:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/"},"wordCount":923,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/","url":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/","name":"Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-01-27T17:13:30+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YBQVJGwyAQk41yrB1W@ejwAAAEw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/command-n-control-botnet-of-notorious-emotet-windows-ransomware-shut-down-in-multinational-police-raid\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Command &#8216;n&#8217; control botnet of notorious Emotet Windows ransomware shut down in multinational police raid"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39347"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39347\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}