FBI asks Have I Been Pwned for help alerting potential Emotet victims

Earlier this year a joint operation involving international law enforcement agencies brought an end to one of the more dangerous strains of malware in recent years, Emotet.

The malware has been on the scene since at least 2014, and it wasn’t just Emotet itself that professionals were worried about. Emotet opened the door for other malware to be installed, including ransomware, Trojans and worse.

“The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts,” Europol explained in January.

“To severely disrupt the Emotet infrastructure, law enforcement teamed up together to create an effective operational strategy,” the agency added.

But the team isn’t done yet. To alert potential victims that they may have been hit by Emotet, the FBI (one of the international law enforcement agencies involved) has called on Troy Hunt and his website, Have I Been Pwned.

“Following the takedown [of Emotet], the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. This isn’t the first time HIBP has been used by law enforcement in the wake of criminal activity with the Estonian Central Police using it for similar purposes a few years earlier,” Hunt wrote in a blog.

Hunt has decided to classify the data the FBI has provided him with as sensitive. This means that the database isn’t publicly searchable, and you will need to sign up for HIBP’s notification service. This is a good idea in general, as HIBP will alert you if your email address is compromised elsewhere in future.

In total there are 4 324 770 email addresses in the HIBP database, but it’s not just email addresses.

There are also web credentials for domains that were stored in browsers to make future logins smoother. You are able to use the same notification service to check if your credentials have been compromised.

It’s thanks to the FBI, the Dutch National High Technical Crimes Unit and the German Federal Criminal Police Office that this data can be searched and that users can now take action to protect themselves.

To that end Hunt and the FBI recommend the following for folks who find themselves within this database:
