FBI asks Have I Been Pwned for help alerting potential Emotet victims

Earlier this year a joint operation involving international law enforcement agencies brought an end to one of the more dangerous strains of malware in recent years, Emotet.

The malware has been on the scene since at least 2014, and it wasn’t just Emotet itself that professionals were worried about. Emotet opened the door for other malware to be installed, including ransomware, Trojans and worse.

“The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts,” Europol explained in January.

“To severely disrupt the Emotet infrastructure, law enforcement teamed up together to create an effective operational strategy,” the agency added.

But the team isn’t done yet. To alert potential victims that they may have been hit by Emotet, the FBI (one of the international law enforcement agencies involved) has called on Troy Hunt and his website, Have I Been Pwned.

“Following the takedown [of Emotet], the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. This isn’t the first time HIBP has been used by law enforcement in the wake of criminal activity with the Estonian Central Police using it for similar purposes a few years earlier,” Hunt wrote in a blog.

Hunt has made the decision to classify the data the FBI has provided him with as sensitive. This means that the database isn’t publicly searchable and you will need to sign up for HIBP’s notification service. This is a good idea in general, as HIBP will alert you if your email address is compromised elsewhere in future.

In total there are 4 324 770 email addresses in the HIBP database but it’s not just email addresses.

There are also web credentials for domains that were stored in browsers to make future logins smoother. You are able to use the same notification service to check if your credentials have been compromised.

It’s thanks to the FBI, the Dutch National High Technical Crimes Unit and the German Federal Criminal Police Office that this data is able to be searched and users can now take action to protect themselves.

To that end Hunt and the FBI recommend the following for folks who find themselves within this database:

  • Keep security software such as antivirus up to date with current definitions. “I personally use Microsoft Defender which is free, built into Windows 10 and updates automatically via Windows Update,” says Hunt.
  • Change your email account password. Also change passwords and security questions for any accounts you may have stored in either your inbox or browser, especially those of higher value such as banking.

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.