“Emotet” Shutdown Date Approaches and Here’s What It Means

  • The removal of all Emotet payloads is scheduled for Sunday, so this is your last chance to probe networks.
  • A few months have passed since the Emotet takedown, and it seems that it’s final and irreversible.
  • Directly linked malware families have had their ups and downs as the field adjusts to the new reality.

When an internationally coordinated law enforcement operation took down the most crucial “Emotet” botnet infrastructure in January 2021, the deadline for its final removal was set to March 25, 2021. This was eventually pushed further by one more month, allowing more time for the system admins to figure out all the possible subsequent infections and secondary payloads that the malware may have deployed. With three days left until the final uprooting takes place, Digital Shadows takes a dive into the matter and “decodes” its importance.

First of all, shutting down Emotet’s infrastructure means that a massive-scale malicious operation, one that has brought the crooks over 2 billion USD, comes to an end. This was one of the biggest botnets out there, so a vacuum is inevitably created. Digital Shadows investigators report that, starting in March 2021, there has been a notable uptick in the deployment of BazarCall and IcedID.

In the meantime, the delivery of TrickBot, Ryuk, and the QakBot banking trojan has suffered a blow, and these families will have to work with other distribution platforms if they plan to continue, and it seems that they do. Malware-as-a-service (MaaS) operations are too lucrative to go away completely, so nobody expects the Emotet takedown to have groundbreaking effects on the industry.

At this point, the security world is in a dual state comprising a celebratory and a cautionary leg. After all this time, it is clear that Emotet is dead and not coming back. The key people were arrested and the crucial infrastructure was taken down, so this constitutes a reason for celebration. On the other hand, no matter the humongous size of Emotet, it is really just a drop in the ocean of online threats. Taking down these entities always has a notable impact, but it is surely temporary.

As for the admins of potentially compromised systems, you have until Sunday to run your scans. On that day, the final update, in the form of “Emotetloader.dll”, will be delivered, removing the Windows registry key and terminating all running processes of the malware on the infected machines. If you fail to find what other malware may have been introduced to your systems through Emotet by then, it will be harder to figure it out afterward. This is your last window of a unique opportunity.
