Destructive botnet Emotet making a comeback
Posted by: GuidePoint Security
Published 11/23/21, 11:00am
Nice weather can’t last forever, and the return of the Emotet botnet ensures an increasingly stormy cyber forecast for organizations.
The Emotet botnet has been silent for almost ten months following an international effort to take down its command and control (C2) servers in January, followed by a mass-uninstall of the Emotet malware back in April. Last week, however, security researchers discovered the Trickbot malware dropping a loader for a new version of Emotet on infected systems.
Emotet is known as one of the most dangerous botnets, spreading malicious campaigns used in everything from spam to destructive and dangerous malware. Previous payloads have included Qbot and Trickbot, which were then used to deliver additional threats, such as ransomware from Ryuk, Conti, Egregor, and others.
Researchers have not yet observed Emotet engaging in any spamming or malware delivery operations, likely because the threat group appears to be attempting to rebuild the botnet from scratch. However, security experts are warning that the rebirth of the botnet would likely mean an increase in phishing and ransomware infections.
Next Steps
To prevent Emotet infection, organizations are advised to block all IP addresses associated with Emotet.
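Blocking a feed of addresses is only half the job; defenders also want to confirm the block is enforced and to see which internal hosts were already reaching out to listed infrastructure. The following is an added example, not GuidePoint Security's code: it parses a blocklist of IPs and CIDRs, emits the corresponding outbound drop rules, and scans outbound firewall logs for destinations on the list. The blocklist entries (RFC 5737 documentation ranges) and the log lines are constructed for illustration and are not real Emotet indicators; the log format is a made-up syslog-like layout.

```python
import ipaddress
import re

# Constructed blocklist feed (RFC 5737 documentation ranges), NOT real Emotet
# infrastructure. A real feed would come from your threat-intelligence source.
BLOCKLIST_FEED = """
# one IP or CIDR per line; comments and blank lines are ignored
203.0.113.7
203.0.113.45
198.51.100.0/24
not-an-ip          # malformed entry, skipped rather than aborting the load
"""

# Constructed outbound firewall log lines in a hypothetical syslog-like format.
SAMPLE_LOGS = [
    "2021-11-22T09:14:03Z fw1 ALLOW src=10.0.4.21 dst=203.0.113.7 dport=443",
    "2021-11-22T09:14:05Z fw1 ALLOW src=10.0.4.21 dst=93.184.216.34 dport=443",
    "2021-11-22T09:15:11Z fw1 ALLOW src=10.0.7.9 dst=198.51.100.200 dport=8080",
    "2021-11-22T09:16:40Z fw1 DENY src=10.0.7.9 dst=203.0.113.45 dport=80",
]

LOG_RE = re.compile(
    r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def load_blocklist(feed: str):
    """Parse a feed of IPs/CIDRs into ip_network objects, skipping bad lines."""
    nets = []
    for raw in feed.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed entry: skip it, keep the rest of the feed
    return nets


def to_iptables_rules(nets):
    """Render one outbound DROP rule per blocklist entry (strings only, nothing is executed)."""
    return [f"iptables -A OUTPUT -d {net} -j DROP" for net in nets]


def is_blocked(ip: str, nets) -> bool:
    """True if the address falls inside any listed host or network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def find_blocklist_hits(log_lines, nets):
    """Return (src, dst, action) for each log line whose destination is blocklisted."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and is_blocked(m["dst"], nets):
            hits.append((m["src"], m["dst"], m["action"]))
    return hits


def unenforced_hits(hits):
    """ALLOWed hits mean the block is not yet enforced on that path and the source host needs a look."""
    return [h for h in hits if h[2] == "ALLOW"]


if __name__ == "__main__":
    nets = load_blocklist(BLOCKLIST_FEED)
    for rule in to_iptables_rules(nets):
        print(rule)
    for src, dst, action in find_blocklist_hits(SAMPLE_LOGS, nets):
        print(f"{action:5} {src} -> {dst}")
```

Two details matter in practice: CIDR entries are matched with `ipaddress`, so a /24 in the feed catches every host inside it rather than only an exact string match, and the ALLOW hits returned by `unenforced_hits` are the ones to act on, since they show traffic to listed infrastructure that got through.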