Emotet malware, the infamous botnet that once empowered over 70% of global infections, has been uninstalled from all the infected systems today, forever. This feat was done by German police, who in association with other police agencies has captured the C2 servers of Emotet botnet and disabled operations. Emotet is a first-step infection that ultimately brought in payloads for further exploitation.
Emotet Malware is Now Officially Dead
For years in the cybersecurity space, Emotet is a resounding name since it empowered over 70% of the world’s malware campaigns. The botnet malware is spread through phishing emails and acted as an initial vector for many ransomware actors, and infected hundreds of thousands of computers.
Once the target infected his system by installing the Emotet malware, it makes a backdoor and invites the second-stage payload in the form of Qbot or TrickBot, which in return procures ransomware malware like ProLock, Ryuk, or Conti. This botnet was reported to be operated by TA542, also known as Mummy Spider.
In January this year, Ukrainian police in association with German, Europol, FBI, etc have successfully disrupted the Emotet’s operations by capturing the botnet’s servers. While the infections are contained, the actual task is the remove them from the systems that are infected in past.
#Emotet uninstall routine tested via date hack (system clock changed to sometime after April 25).
– Deletes the service
– Deletes the run key
– Attempts (but fails) to move file to %temp%
– Exits the process
👉Emotet is now disabled
— Jérôme Segura (@jeromesegura) January 31, 2021
For this, the German police (Bundeskriminalamt) tasked up and made an uninstaller module, that was sent to all infected systems around the world (or connected to the botnet) for removal. Now, as per reports, the operation was successful since German police have announced terminating the Emotet malware from all the infected systems.
Initially, they had sent a configuration file to record all the connected systems and waited this long for collecting evidence. Now that they’ve gathered enough for law enforcement procedures, they’ve finally wiped out the Emotet malware from all infected systems around the world.