“Emotet” Shutdown Date Approaches and Here’s What It Means

  • The removal of all Emotet payloads is scheduled for Sunday, so this is your last chance to scan your networks.
  • A few months have passed since the Emotet takedown, and it seems that it’s final and irreversible.
  • Directly linked malware families have had their ups and downs as the field adjusts to the new reality.

When an internationally coordinated law enforcement operation took down the most crucial “Emotet” botnet infrastructure in January 2021, the deadline for its final removal was set to March 25, 2021. This was eventually pushed back by one more month, allowing system admins more time to identify all the possible subsequent infections and secondary payloads that the malware may have deployed. With three days left until the final uprooting takes place, Digital Shadows takes a dive into the matter and “decodes” its importance.

First of all, shutting down Emotet’s infrastructure means a massive-scale malicious operation that has brought the crooks over 2 billion USD comes to an end. This was one of the biggest botnets out there, so a vacuum is inevitably created. Digital Shadows investigators report that starting in March 2021, there’s a notable uptick in the deployment of BazarCall and IcedID.

In the meantime, the delivery of TrickBot, Ryuk, and the QakBot banking trojan has suffered a blow, and these families will have to work with other distribution platforms if they plan to continue, and it seems that they do. Malware-as-a-service (MaaS) operations are too lucrative to disappear completely, so nobody expected the Emotet takedown to have such groundbreaking effects on the industry.

At this point, the security world is in a dual state, comprising a celebratory side and a cautionary one. After all this time, it is clear that Emotet is dead and not coming back. The key people were arrested and the crucial infrastructure was taken down, so this is a reason for celebration. On the other side, no matter how enormous Emotet was, it is really just a drop in the ocean of online threats. Taking down these entities always has a notable impact, but it is surely temporary.

And as for the admins of potentially compromised systems, you have until Sunday to run your scans. On that day, the final update, in the form of “Emotetloader.dll”, will be delivered, removing the Windows registry key and terminating all running processes on the infected servers. If you fail to find what other malware may have been introduced to your systems through Emotet by then, it will be harder to figure it out afterward. Thus, this is your last window of opportunity.
