Emotet Is Being Deleted - But Are We in the Clear?

The infamous botnet Emotet, which was weaponized for spam campaigns and ransomware attacks, has ceased to exist thanks to European law enforcement.


700 servers associated with the botnet were killed thanks to Operation Ladybird.


As of now, researchers have shown that no Emotet servers are online. But we don't know yet if is this final life cycle of Emotet. Time will tell according to some security experts.


Christopher Fielder, at Arctic Wolf shared his insights on this latest news. While the update created by law enforcement is an excellent first step, Christopher believes there is still a lot of work to be done for organizations to truly consider themselves “safe":


"As an industry, we must be cognizant that though a new update was created to delete Emotet, machines still aren’t necessarily “safe.” We must consider Emotet as just the primary infection and delivery method. We must also question whether the machine has suffered secondary infections. Security teams should also assume many machines will have persistence mechanisms established, which will let attackers attempt to regain access to these devices without Emotet.

Many attacks are broken into multiple stages and use numerous pieces of malware. Deactivating Emotet can be seen as a first step in recovering these machines, but it is far from the only step. These machines should still be considered compromised and accessed using an effective incident response plan. Furthermore, we must understand that Emotet developers are financially motivated and will continue attempting to either reestablish access to previously infected machines or begin an entirely new campaign.

This effort will hopefully eliminate this piece of malware, but the threat landscape is still vast with no end in sight. Security teams must be prepared. As long as there is a demand for Malware-as-a-service, there will be new threat actors that will step up to provide that service."


###