Emotet, the infamous botnet that was at one point credited with powering over 70% of malware infections worldwide, was uninstalled from the systems it had infected today, for good. The removal was carried out by German police, who, together with other law-enforcement agencies, had seized the Emotet botnet's command-and-control (C2) servers and disabled its operations. Emotet was a first-stage infection that ultimately dropped further payloads used for exploitation.

Emotet Malware is Now Officially Dead


For years, Emotet was a resounding name in the cybersecurity space, credited with powering over 70% of the world's malware campaigns. The botnet spread through phishing emails, acted as the initial access vector for many ransomware actors, and infected hundreds of thousands of computers.

Once a target's system was infected with Emotet, the malware opened a backdoor and pulled in a second-stage payload such as Qbot or TrickBot, which in turn fetched ransomware like ProLock, Ryuk, or Conti. The botnet was reported to be operated by TA542, also known as Mummy Spider.

In January this year, Ukrainian and German police, working with Europol, the FBI, and other agencies, disrupted Emotet's operations by seizing the botnet's servers. With new infections contained, the remaining task was to remove the malware from the systems that had been infected in the past.

#Emotet uninstall routine tested via date hack (system clock changed to sometime after April 25).
– Deletes the service
– Deletes the run key
– Attempts (but fails) to move file to %temp%
– Exits the process
Emotet is now disabled
More details: https://t.co/jbF6JamOnB pic.twitter.com/yZmt4BW5Bv
— Jérôme Segura (@jeromesegura) January 31, 2021
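The tweet above lists three artefacts the uninstall routine touches: the service, the Run key, and the binary itself, which the routine tries and fails to move to %temp%. An administrator verifying a host after April 25 would want to check all three, and in particular confirm that the binary left behind is dealt with. The PowerShell script below is an added example written for this page; it is not code from the article, from Malwarebytes, or from the law-enforcement uninstaller. The page publishes no Emotet indicator names, so the service name, Run value name and binary path are placeholders that must be supplied from the host's own incident artefacts (EDR alerts, earlier autoruns output, etc.).

```powershell
# Added example: verify that the Emotet uninstall routine removed its
# persistence on this host. $ServiceName, $RunValueName and $BinaryPath are
# hypothetical parameters; take the real values from your own IR artefacts.
param(
    [Parameter(Mandatory)] [string]$ServiceName,
    [Parameter(Mandatory)] [string]$RunValueName,
    [Parameter(Mandatory)] [string]$BinaryPath
)

# Both per-user and machine-wide Run keys, since either may have been used.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# 1. The service should have been deleted.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    Write-Warning "Service '$ServiceName' is still registered (status: $($svc.Status))"
} else {
    Write-Output "Service '$ServiceName' not present"
}

# 2. The Run key value should have been deleted.
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $RunValueName)) {
        Write-Warning "Run value '$RunValueName' still present under $key -> $($props.$RunValueName)"
    } else {
        Write-Output "Run value '$RunValueName' not present under $key"
    }
}

# 3. The binary: per the tweet, the routine only attempts to move it to %temp%
#    and fails, so expect it to still be on disk. Record its hash for the IR
#    log and remove it manually or via your AV/EDR; it is no longer started by
#    a service or Run key, but it is still malware on the filesystem.
if (Test-Path -LiteralPath $BinaryPath) {
    $hash = (Get-FileHash -LiteralPath $BinaryPath -Algorithm SHA256).Hash
    Write-Warning "Binary still on disk: $BinaryPath (SHA256 $hash); remove it"
} else {
    Write-Output "Binary not found at $BinaryPath"
}
```

Run it from an elevated prompt so the HKLM hive and the service list are readable, for example `.\Check-EmotetCleanup.ps1 -ServiceName '<name>' -RunValueName '<value>' -BinaryPath 'C:\Users\<user>\AppData\Local\<dir>\<file>.exe'`, substituting the names and path recovered for that host. Lines starting with WARNING are the ones that still need action.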