Emotet Malware is Now Officially Dead
For years, Emotet has been a resounding name in cybersecurity, credited with powering over 70% of the world’s malware campaigns. The botnet malware spread through phishing emails, infected hundreds of thousands of computers, and served as the initial access vector for many ransomware operators. Once a target installed Emotet, it opened a backdoor and pulled in a second-stage payload such as Qbot or TrickBot, which in turn delivered ransomware like ProLock, Ryuk, or Conti. The botnet was reported to be operated by TA542, also known as Mummy Spider. In January this year, Ukrainian police, together with German authorities, Europol, the FBI, and other agencies, disrupted Emotet’s operations by seizing the botnet’s servers. Seizing the infrastructure contained new infections, but the harder task is removing the malware from the systems that were infected in the past.
– Deletes the service
– Deletes the run key
– Attempts (but fails) to move file to %temp%
– Exits the process
👉Emotet is now disabled
More details: https://t.co/jbF6JamOnB
— Jérôme Segura (@jeromesegura) January 31, 2021

For this, the German federal police (Bundeskriminalamt) built an uninstaller module and sent it to infected systems around the world, that is, to every machine still connected to the botnet. Reports now say the operation was successful: German police have announced that Emotet has been removed from the infected systems. Initially, they had pushed a configuration file that recorded all connected systems, and they waited this long in order to collect evidence. With enough gathered for law enforcement proceedings, they have now wiped Emotet from infected systems worldwide. Note the scope of that cleanup: as the tweet above describes, the module deletes Emotet’s service and run key and ends the process, but its attempt to move the binary to %temp% fails, so the file itself may remain on disk, and second-stage payloads such as TrickBot or Qbot that Emotet had already delivered are not touched. Administrators should still verify previously infected machines rather than assume they are clean.
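As an added example (not part of the article, and not the law-enforcement uninstaller), the following PowerShell script helps with that verification step: it lists Run-key entries and Windows services whose executable lives in a user-writable directory, which is where persistence of the kind the tweet describes (a service plus a run key) is typically parked. The directory list and the heuristic are assumptions for illustration; the script carries no Emotet-specific indicator and will also surface legitimate software installed per-user, so review the output rather than deleting from it blindly.

```powershell
# Added example: generic persistence check, not the BKA uninstaller module.
# Prints Run-key values and services whose binary sits under a user-writable
# directory. The roots below are an assumption; extend them for your environment.

$suspectRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Test-SuspectPath {
    param([string]$Command)
    if (-not $Command) { return $false }
    # Extract the executable: a quoted path, or the first whitespace-delimited token.
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    # Run-key values often reference %APPDATA% etc.; expand before comparing.
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $suspectRoots) {
        if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Autostart entries: per-user and machine-wide Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
        if (Test-SuspectPath $p.Value) {
            [PSCustomObject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Services whose image path points into a user-writable location.
Get-CimInstance Win32_Service | Where-Object { Test-SuspectPath $_.PathName } |
    ForEach-Object {
        [PSCustomObject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }
```

Run it in an elevated PowerShell session so that HKLM and the full service list are readable; any hit is a lead to inspect (hash the binary, check its signature and creation time), not a verdict on its own.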